House Keys Under the Doormat? Nope, in Your Phone

One of my friends recently locked himself out of his apartment. I found this out when I called him because although he didn’t have his keys, he did have his smartphone. This was one of those times he wished he lived in one of those hotels with the Assa Abloy NFC-enabled locks.

It turns out he doesn’t need to go to a hotel to open his door with a phone. Kwikset will soon be selling Kevo, a new deadbolt that can be unlocked with a Bluetooth-enabled phone. You can replace your old door locks with one of these new models.


The Kwikset/Unikey Kevo deadbolt is controlled via a Bluetooth-enabled smartphone app.

The Kevo lock [see demo video] is based on technology from Unikey, a winning company on the ABC TV show Shark Tank. Unikey’s background is in developing biometrics-access controls. Those controls are the ones you see on TV or in movies when a character places a palm or finger on a pad to open a door. With these locks we can all have similar technology guarding our homes.

Security Concerns
Another thing you would notice from those same shows and movies is that the bad guys are always trying to break these high-security locks and access controls. The difficulty for the average computer crook confronting a government high-tech lock is that there are so few of these locks to test against. Contrast that with the millions of Bluetooth locks that anyone can buy off the shelf. The bar is much lower with Bluetooth because if the criminals damage one lock during testing, they can easily buy another one and try again.

The biggest payoff for technical attackers against a lock like this is to duplicate your keys or introduce a new one of their own. With physical keys they would need to get possession of them to make copies; with digital keys they need to break encryption and/or bypass security on the device that holds the keys (smartphone or key fob).

The deadbolts come with a single key fob, similar to car keys with transponders in them, and more can be purchased. It’s not clear yet whether, as with transponder keys, one needs to go through a complex process to activate additional fobs. The security of the fobs makes the smartphone a relatively easier target to go after.

There is an iPhone app that lets you manage your own door key, the keys of other residents (e.g., friends, house sitters, etc.), and temporary keys. Android phones also support Bluetooth, so the choice to produce the iPhone app first may have to do with the relative ease of decompiling Android apps.

iPhones are not necessarily more secure, as a knowledgeable attacker can jailbreak a phone and gain access to a decrypted version of the Kevo key app. Using tools like disassemblers, they can then seek out the methods used to secure the keys within the app and potentially reverse-engineer the protection or discover a method of creating new keys. They may also be able to force the app to accept new keys, essentially adding a master key to every one of these Bluetooth-enabled locks. That is actually not as likely as the criminal’s finding a way to attack a single target’s locks.

Future of Physical Security?
Locks are not invincible, not even high-tech locks. The more such locks are installed, the greater the incentive for robbers to break in through technical means. Why steal one set of keys if they can attack a smartphone app and steal all the keys? Fortunately, as the crooks start to take notice of such devices, so will security researchers. Unlike the bad guys, security folks will test these locks and help them improve. I’m sure my smartphone-toting, key-forgetting friend will appreciate that.

The post House Keys Under the Doormat? Nope, in Your Phone appeared first on McAfee Blogs.

Weak Passwords Can Cost You Everything

If your computer or mobile was hacked, or your passwords were cracked and your data was lost, or if all the websites you have an account with were hacked and all that information was in the hands of a criminal, how devastated would you be?

In McAfee’s study on the value of digital assets, consumers estimated the total value of all their digital assets on multiple devices at an average of $35,000. Digital assets include: music downloads, videos, photos, apps, emails, text messages, health/financial/insurance records, resumes/CVs, portfolios, contacts, recipes, etc.

Nowadays, if you’re shopping, banking or using social media sites online, you need a user name and password. If you’re like most people, you probably take the easy way out and use the same user name and password for every new site you access.

The challenge is that some sites let you use numbers and symbols in your password and some don’t, or the user name you want may be taken. An even bigger problem is that, with all those valuable assets stored on our devices, you leave yourself exposed by using the same password everywhere—if one account ends up getting hacked, all your accounts could be hacked.

Did you know that?

  • Over 60% of us have 3+ digital devices
  • 55% of us store digital assets on these devices that would be impossible to recreate, re-download or re-purchase
  • Over 75% of us visit 5 or more sites regularly that require passwords
  • 63% of us use easy to remember passwords or use the same password for most sites
  • 17% of us do little to nothing to protect our passwords


You need a better plan

  • Make sure you use different passwords for each of your accounts
  • Always log off if you leave your device and anyone is around and don’t use the “remember me” function on your browser or mobile apps
  • Avoid entering passwords on computers you don’t control (like computers at an Internet café or library) or when using unsecured Wi-Fi connections (like at the airport or a coffee shop)
  • Don’t tell anyone your password—your trusted friend now might not be your friend in the future
  • Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
  • Use comprehensive security software on ALL your devices (not just your PC!), like McAfee LiveSafe™ service, that comes with a password manager that securely stores your usernames and passwords to your favorite sites, and logs in for you—with just one click


Here are some tips on how to create a strong password. Remember, your password is often your first line of defense—protect yourself!

And don’t forget to play The $35,000 Question game on Facebook for a chance to win some prizes, while learning about protecting your digital assets!

The post Weak Passwords Can Cost You Everything appeared first on McAfee Blogs.

How Do Your Digital Assets Compare?

My Dad is in his mid 60’s and retired. And the man knows how to live. A day doesn’t go by without him taking a class and learning something new.

But one thing he’s always been behind on is technology. His generation missed it by about 20 years. So for the past 5 years I’ve been pushing him to get an iPhone. He swore he’d never text and wouldn’t need the Internet on the go. Recently he got one, and now I’m getting text messages every 10 minutes from him. He takes Apple classes and teaches me things about the iPhone I never knew.

Today McAfee released the results of their Digital Assets survey and found that most people are connected and are spending more time online and getting more devices. How do you stack up?

  • Nearly 90% (88%) of consumers own multiple digital devices, with 62% owning three or more and 20% owning 5 or more
  • More than half of consumers (51%) spend 15 hours or more on their digital devices for personal use each week, which equates to more than two hours per day—men spend more time than women on their devices

And with the explosion of all the digital devices, we are storing more and more assets on these devices. In fact the study showed that on average globally we have over $35,000 worth of assets stored on our devices. This includes things like:

  • Personal memories (photos, videos) are what we as consumers value the most and women value these more than men
  • Consumers in Singapore, Brazil and Germany place a higher value on personal records (health information, financial records, wills/trusts) than consumers in other countries
  • Not surprisingly, millennials (18-24 year olds), who grew up in the digital world (and have probably never owned a CD), place a higher value on entertainment files (music, TV shows, ebooks, video games, apps) than other age groups, and consumers in India rate their entertainment files higher than other countries
  • Italian and UK consumers have the most personal communication assets stored on their digital devices

And while we have all these devices and have valuable assets on them, we don’t take enough precautions to protect those assets. Nearly 15% of consumers globally don’t have comprehensive security on ANY of their devices and 20% are unfamiliar with cyber risks and security dangers.

Yet, most consumers (72%) are concerned with identity theft, monetary theft or fraud when online and 55% of us store digital assets on our devices that would be impossible to recreate, re-download or re-purchase.



That’s why with all that’s at stake, protecting all your devices and the data on them has never been more critical. That’s why McAfee today announced McAfee LiveSafe™ service, the first unlimited cross-device security service to use cutting-edge facial and voice recognition technology to protect users’ digital lives.

At this point even my old man knows securing your digital assets is a requirement. And it doesn’t matter if you are on a PC, Mac or mobile, bad guys are targeting anyone connected to the Net.

If you’d like to see if you know about the value of your digital assets, play the $35,000 Question game on Facebook and enter to win some prizes like an Ultrabook!


Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)


The post How Do Your Digital Assets Compare? appeared first on McAfee Blogs.

Are you Hackable or Uncrackable? “Password Day” is Today!

Yes, such a day exists and it’s today, May 7th 2013. Intel and McAfee are working to make sure consumers increase their security awareness and front line of digital protection by asking everyone to change their passwords today.

Reuse of passwords across multiple sites is a big problem. In the digital world, many of us are much more vulnerable than we need to be. For example, it’s very likely that your Amazon password is the same as your Gmail password and also the same one you use for online banking and your Facebook account.

In fact, 74% of Internet users use the same password across multiple websites [1], so if a hacker gets your password, they now have access to all your accounts. Reusing passwords for email, banking, and social media accounts can lead to identity theft and financial loss.

And what’s worse is that many people use simple, easy to guess passwords. A recent study found that the most common passwords people use are “password,” “123456,” and “12345678.” [2] No wonder cybercriminals are finding it so easy to get into our accounts.

The solution is as simple as changing your habits. Take a moment to protect yourself in a basic area of security, and you can save hours of trouble. In fact you can test how hackable your password is with this tool from Intel.

If you need help moving from just one password, here’s a trick: Use one for your bank accounts, another for email and social networking accounts, so if your email account gets hacked, your bank account isn’t compromised. For more tips on how to create a simple, secure password, read this article.


Here are some other tips to protect your password:

  • Avoid logging onto sites that require passwords on public computers, such as those at an Internet café or library—these computers may contain malware that could “record” what you are typing.
  • Avoid entering passwords when using unsecured Wi-Fi connections, such as at an airport or in a coffee shop—your passwords and other data can be intercepted by hackers over this unsecured connection.
  • Don’t use the “remember me” function on your browser or within apps—if you walk away or lose your device, someone could easily log in to your accounts.
  • Use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date to avoid malware that could “see” what you are typing on your device or unknowingly send data to hackers.


Password Day is more than a day, it’s a way of life. Don’t leave the backdoor to your life open. Pledge to change yours today.

For more information, join @Intel, @McAfeeConsumer, @StopThnkConnect and @Cyber (the Department of Homeland Security) for a tweet chat today at 3pm ET on protecting your passwords. To participate simply use the hashtag #ChatSTC.



Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  (Disclosures)


[1] Intel

The post Are you Hackable or Uncrackable? “Password Day” is Today! appeared first on McAfee Blogs.

Graduates: 10 Things Not to Do on Social Networks

You’ve done it. You’ve graduated at last. Your whole life is in front of you. Now is the time to make plans, embrace the world, take responsibility, make a statement, do some good and make this place better than how you found it.

And this should go without saying, but please don’t be stupid.

I’m not preaching here; the fact is I am fully qualified to discuss this topic because every day when I wake up, I tell myself, “Today I’m not going to say something stupid.” But, being human, I often do or say stupid stuff. However, rarely do I make it public online.

Listen. I know it’s hard. I know you can’t help yourself. I know you think you know everything and I know you are telling me to shut up. But in the words of the lovely and talented Fire Marshal Bill: “LET ME TELL YA SOMETHING!”

What you say, do, post, like and even whom you friend on social networks will affect every moment of your life going forward. Social is the new norm, and even adults are guilty of the stupidity of putting something online that gets them busted.

With graduation coming and millions of you getting ready to enter the workforce, you need to be aware of what is and isn’t appropriate in the professional world. While many employers expect that their employees will maintain social media profiles and even support work initiatives via those channels, as a new grad, you need to be aware that your missteps in social media could taint your employer’s image and damage your professional reputation. When people do not use good judgment when posting and share the wrong content with the wrong people, they can jeopardize their careers.

According to McAfee’s Love, Relationships and Technology study, 13.7% of millennials (18-24 year olds) know someone who was fired because of personal images or messages that had been publicly posted, and 13% of adults have had their personal content leaked to others without their permission.


It’s time to face the facts.

  2. Don’t do that! Learn from other people’s mistakes. When you see someone get in trouble, fired or arrested, DON’T DO THAT.
  3. Don’t friend people you don’t know.
  4. Don’t take or allow others to photograph/video you with alcohol in your hands, drinking, smoking, doing anything illegal, scantily clad (or less) or making those stupid faces. You are an adult now.
  5. Don’t like, share or retweet racist, homophobic or off-color media or comments that make you look like a jerk.
  6. Don’t swear. EVER. It’s OK to say flippin’, freakin’, heck, maybe even effing, and shite. But once you start dropping F bombs, you look like an angry, uncouth juvenile delinquent. And seriously, I swear like a cage match fighter—but not online.
  7. Don’t log on while amorous or inebriated. Nothing good can come of that.
  8. Don’t ever talk about anyone in authority—your boss, coworkers, teachers, students, the president or anyone, for that matter—in a negative tone. Seriously. Unless the person is a serial killer or oppressive dictator, play nice.
  9. Don’t be so public. Lock down your settings. Most social networks have privacy settings that need to be administered at the highest level. Default settings generally leave your networks wide open to attack.
  10. As Howard Stern’s dad used to say to him: “I told you not to be stupid, you moron.”

You have been warned.



Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)

The post Graduates: 10 Things Not to Do on Social Networks appeared first on McAfee Blogs.