7 Security Issues That Will Surprise You

Here are seven quick security tips you probably didn't expect:

1. FBI warns against using public phone charging stations

Recently the FBI put out yet another release stating that hackers can infect phones with malware through public charging cables. The hacker sets up a kiosk or replaces a charging cable with their own, and the phone is infected when plugged in, especially easily if the person "trusts" the connection when the phone prompts them.

Solution: Bring your own cable and wall wart, and use a power outlet, not a random USB port.

2. 99% of Health Care Sites Track You

According to a recent study, virtually all health care-related sites (hospital, doctor, insurance) use web site analytics tracking. The study noted that 55% use the Meta (Facebook) Pixel service for tracking, which was also recently in the news for sending all submitted form data/fields to Meta, including health data.

Solution: Use a Private or Incognito window to isolate sensitive traffic from Meta, and/or Firefox's Facebook Container or Multi-Account Container add-ons, which actively block Facebook trackers.

3. Incognito AND Private Windows Still Track You

Think your surfing is private? Think again. These special browser sessions do a good job of not caching page content, isolating cookies, and not saving cookies or browsing history, but the web site will still see the IP address from which you're connecting, and the site's analytics cookies still function. Google is (apparently successfully) fighting a class action lawsuit over whether users were fooled into thinking that Incognito mode prevented tracking.

Solution: Use a VPN or proxy server, though that sends all your data to/through the VPN company, and media sites especially block VPN connections. Or, don't browse for any content you don't want tracked.

4. Incognito AND Private Windows Are Shared

If you open a new Incognito window, it is not separate from any others that are open. In other words, they all share the same session, and potentially the same tracking. So if you log in to Facebook on one tab, other Incognito or Private windows are "logged in" also.

Solution: Use Firefox's Multi-Account Container add-on, which can automatically isolate sites, or use different browsers for different sites.

5. Your Phone Is Slow To Update

Though it has been getting better in recent years, Android was notoriously slow to roll out security updates, because they proceed from Google to the phone manufacturer, which incorporates them into its phones and then releases them. In early 2022 Apple started slowing the automatic updates for iOS from a couple of weeks to a couple of months, to lengthen the rollout period. Both are too long to wait for security fixes for known vulnerabilities.

Solution: Check for updates yourself from time to time.

6. Google's New Two-Factor Authentication Isn’t End-to-End Encrypted

In late April Google announced a new feature for its Authenticator app to sync accounts across devices. However, researchers at Mysk found the data is not end-to-end encrypted, meaning Google can potentially read the information. The unencrypted traffic contains a "seed" that’s used to generate the two-factor authentication codes. According to Mysk, anyone with access to that seed can generate their own codes for your accounts and break in. Google acknowledged that the data is not end-to-end encrypted, but said that this important security feature will be added at some point.

Solution: Do not sync data across devices with Google Authenticator, or use a different MFA app.

7. Signing In to Your Home Email At Work Will Sync Passwords

Or vice versa. Chrome has a "feature" where if you log in to Gmail or another Google site, Chrome will also log you in to that account in the browser. If the account is set to sync passwords, then work passwords may sync to a home PC, or personal accounts sync to a work PC. Furthermore, any passwords saved afterward will be saved into that now-logged-in Chrome account.

Solution: Use a different browser or an Incognito window, or just avoid signing in to personal web sites at work, and be sure to sign out when done.

May 2023
