
Five Security Holes You Should Fix Right Now

We are all vulnerable to security problems from time to time — from hacked routers to data-leaking apps and everything in between. Fortunately, protecting yourself is as easy as taking a look at the default settings on your computer. Here’s how you can protect yourself.

UPnP Allows Access to Your Gear from Outside Sources

UPnP (Universal Plug and Play), a component meant to make devices like routers, printers and media players easy to discover on a network, has been accused of having security holes for a long time. The most recent study suggests 40 million to 80 million network-enabled devices responded to discovery requests from the internet and are vulnerable to an attack that gives hackers access to webcams, printers, passwords and more. This means routers with the bug can be accessed from the internet to remotely screw with your system even if you don’t have malware installed.

The good news is that most of the affected hardware is old, and the problem likely isn’t as widespread as it seems. That said, in the case of most devices, you can turn UPnP off in the settings (look in your manual for directions). To turn it off at the router level, open the router’s admin page and disable UPnP. This doesn’t affect your ability to stream media over UPnP, so there’s no reason to have it enabled on any of your devices. If you want to check your hardware, security site Rapid7 has made a tool to scan devices on your network.

WEP/WPA Passwords on Your Router Are Easy to Crack

Chances are that your router is using either a WPA (Wi-Fi Protected Access) password or a WEP (Wired Equivalent Privacy) password. Unfortunately, it’s easy to crack a Wi-Fi network’s WPA password or WEP password.

Both of these vulnerabilities exist for different reasons. In the case of WEP, it’s as simple as cracking the password with an automated cracking program, while a vulnerability in WPS (Wi-Fi Protected Setup) on certain routers makes WPA insecure. This can be corrected by turning WPS off. If you can’t turn WPS off, you might be able to install DD-WRT so that you can do so. DD-WRT should also add a nice security layer to your home network.

Anything not HTTPS Is Easy to Snoop On

HTTP Secure is the protocol used to secure confidential data sent through the internet. This includes your bank information and social networks. For your home network, you can simply install the HTTPS browser extension that ensures you will always use the secure version of a site so your data doesn’t fall into the wrong hands. Without HTTPS, your personal data is far more likely to fall through a security hole and into the hands of some nefarious person.

While it’s important to use HTTPS at home, it’s far more important to always use it on public Wi-Fi. At places like hotels, airports or libraries, someone is probably snooping on your passwords. Your best solution for public Wi-Fi is to use a VPN (virtual private network) to route your traffic safely and securely.

Apps and Websites Might Accidentally Leak Data

It happens time and time again. A hacker finds a software exploit and you have to change all your passwords, or your personal data gets leaked. This happens with Java constantly, but it’s happened to just about everyone at some point, including Mega, Apple, Skype, Path and Facebook.

The best thing you can do is keep your software up to date. This means both your operating system and your mobile software. Generally, when your data is leaked, someone notices, and the software is patched up right away.

It’s not the perfect solution, but since the security holes are on the service or software side, it’s all you can do. Make sure you have two-factor authentication enabled where you can, and use a password system like LastPass to ensure your leaked data doesn’t reveal enough information to get your login for another service.

Strong Passwords Aren’t Enough

A good password only gets you so far. Social engineering hacks happen when a skilled hacker bypasses technical protections (like a strong password) to get the information they want by simply talking to a person — no “real” hacking is required. It’s exactly what happened last year when the Apple and Amazon exploits were uncovered in Mat Honan’s hack.

In short, people are one of the biggest security holes in the larger chain. Hackers can use psychological tricks to get your information: they might pose as someone important, as a Facebook friend, or even as you when talking with customer support. With a little information, they can then gain access to your account. If that account uses the same password as everywhere else, they essentially get access to everything you do. Thankfully, you can protect yourself with a few simple tips.

The main goal is to make sure you don’t have all your eggs in one basket. That means if someone gets one password to one site, they can’t get in elsewhere. So, never use the same password more than once, use two-factor authentication, and get creative with your security questions.

Plugging up these security holes isn’t exactly a fun way to spend a day, but it’s certainly more entertaining than waking up one morning to find someone has stolen your identity.

