Data breaches and location privacy hacks for Christmas
My latest Techspotting segment on KITV’s Good Morning Hawaii, where Maleko McDonnell and I discuss the recent Ring data breach and the bombshell New York Times report on how easy it is to track people, even with “anonymized” data.
Q: Gadgets are a big gift category every holiday, but the more smart devices you bring into your home, the more careful you have to be about security. The latest security breach hit a smart doorbell company?
A: Yes, the Ring video doorbell, which was such a successful product that Amazon bought the company. Ring now makes a lot of other home security devices, from baby nursery cameras to lights and full alarm systems. A week ago, one of those baby cams made national headlines when hackers took control of one, scared the baby, and taunted the family.
At the time, the company said the real problem was customers using the same passwords for different services. And to be sure, that’s one of the biggest security lapses you can make. Don’t do that.
But, now 3,600 Ring customer credentials have been found online. And the company is scrambling to contain the problem, emailing affected customers to tell them to change their passwords.
Data breaches are a daily scourge. You should be very careful with financial accounts and health accounts. But this news points out how vulnerable your actual home can be from hackers. You put these devices in your living rooms, bedrooms, bathrooms. And while the data itself may not be as sensitive, it can emotionally feel more threatening.
Q: Speaking of privacy, there was a bombshell report out of the New York Times exploring just how easy it is to get personal information on anyone in America, and even track your movements.
A: That’s right. And the journalists didn’t hack anything, or steal anything, or get access to a secret government database. They just went to data brokers, legitamate companies that aggregate data, and bought a huge chunk of it.
With a data file that had 50 billion location “pings” transmitted by smartphones, they had location information on 12 million people. And they could dig around in that data to find out all sorts of things. They were able to tracked visitors to locations such as the Playboy Mansion, Johnny Depp’s estate, and President Trump’s Mar-a-Lago resort in Palm Beach.
By following specific data points of individual phones — even though they didn’t get names with the data — they could figure out who specific people were by where they went, including President Trump. They tracked him between his appointments, and appointments not on his public calendar. And they could do the same for you. You just have to look for location pings from someone who’s where you live every day and goes to where you work every day, then follow that device everywhere else.
It’s scary stuff. And it shows how “anonymous data” isn’t really that anonymous.