CBS 58 Investigates: Can your life get hacked?
MILWAUKEE (CBS 58) -- New technology makes life more convenient, but it could be putting you at risk of being hacked in more ways than you think.
Computer hack expose millions of Americans' personal information every year. Huge companies like Uber, Target and Equifax have all been victims of major security breaches. But individuals can be hit by hackers too.
CBS 58 Investigates wanted to know just how vulnerable we are and what better way to find out than to have hackers target CBS 58 Investigates reporter Kristen Barbaresi.
We started at Cyphercon, Milwaukee’s annual hacker convention. CBS 58 Investigates went inside, where hundreds of hackers are testing their skills and learning new ones, breaking in to computers, circuit boards, cellphones and even cars.
“They like to find security problems in existing products and then teach people how to fix those problems,” said Joe Grand, a hacker.
Most of the hackers at Cyphercon are what’s known as “white hat" or ethical hackers.
“Our attendees are the exact people trying to protect our digital life,” said Michael Goetzman, a hacker and organizer of Cyphercon.
It’s what they call the “black hat” hackers you need to worry about, the ones who have malicious intent.
One of the companies at Cyphercon, Rescue Dog Technology, helps businesses prevent cyberattacks.
“In a typical year, at least 50 to 60 percent of our businesses have some sort of an outside attack.,” said Geoff Gardiner, the owner of Rescue Dog Technology.
So how do hackers get in? Gardiner says an increasingly common way is phishing emails.
“I can send you an email and you open it up and click on the link, that gives me full access to your system internally,” Gardiner said.
Gardiner sent several phishing emails to his clients as a test. He also sent some to CBS 58 Investigates.
“Your company rejected it, even before it got to you,” Gardiner told CBS 58 Investigators.
But other people Gardiner emailed did open it.
“We sent out several to our clients,” Gardiner said. “We had about a three percent rate that did click on what we sent them.”
And that’s all it takes. Gardiner says hackers can send millions of emails quickly, and even if a small percentage are opened, the hackers can get ahold of your personal and financial information and do a lot of damage
“If I can get you to click on something and it’s so seamless that you don’t know, then I have unlimited access to your computer,” Gardiner said.
As CBS 58 Investigates found out these emails look a lot like legitimate emails we get every day.
“[It can] look like a regular LinkedIn request,” GAridner said.
Others look like an email from FedEx saying they’re trying to deliver a package, another is a receipt from Apple for iCloud storage.
Gardiner sends these emails to his clients as a test, and if they fall for it, they’re automatically sent to a training video to learn what they did wrong and how to fix it.
Here are some tips to spot a phishing attack: Be cautious of emails, sent to your work or personal accounts, that you weren’t expecting and that ask you to click a link and make sure you know the sender.
But emails are just the beginning of the ways CBS 58 Investigates learned we can be hacked.
Back at Cyphercon we met Caleb Madrigal. His day job is helping companies like Equifax and Target recover from major hacking attacks. But on the side, he’s looking at how wireless devices, which use radio waves, can be hacked.
“If I have a video recorder and you say something, I can obviously replay that very easily,” Madrigal said. “Well it’s the same concept but with radio waves. It’s that simple.”
Madrigal first tried it on his car’s keyless entry.
Here’s how it works: when you click lock or unlock on your key it sends a radio wave signal to the car. Madrigal has a device, that you can easily buy online, which records the signal. Then he replays the recording.
Reporter Kristen Barbaresi wanted to see if he could use the device, which is connected to his lap top, to hack her car. It only took him a few seconds to seamlessly unlock her car doors, as if he had his own key.
“We’re talking about cars but can this technology be used for other kinds of electronic hacking?” Barbaresi asked Madrigal.
“Oh yeah, garage doors, wireless security systems,” Madrigal responded.
Also things like GPS, Cellphones, bluetooth and virtual assistants like Google Home and Amazon Echo.
Madrigal even hacked the wireless microphone CBS 58 used to interview him, and was able to capture the audio on his computer.
Madrigal says this type of technology could be used to interfere with emergency siren systems, hospitals and power plants.
“Some people are already making this kind of thing, weaponized,” Madrigal said.
And with technology constantly evolving, there will always be vulnerabilities. That’s why conferences, like Cyphercon, are important to help companies stay ahead of the curve and those “black hat” hackers.
As for people like you and me, hackers say little things can make a big difference. Use strong passwords and different passwords for every device and account. Always keep your devices updated because those updates usually include security improvements. And be careful about the information you’re sending out when you’re using devices on public networks.
“I think the real way you can protect yourself is do research on the products that you are connecting in to your home network,” Grand said.
Some wireless devices are more secure than others and Grand says you have to decide if the convenience of a device is worth the risk.
Rescue Dog Technology says you can use the acronym “F.A.K.E.” to help you determine if an email is safe.
F – Feelings – Does the email invoke fear or curiosity?
A – Action – Does the email ask you to do something? Click a link, go to a site?
K – Know the sender. Do you know the sender? Does the email address match the sender? If you hover over the email, does the email match the displayed name?
E – Expected – was the email expected? Were you expecting an email from this person?
If you think you’ve been phished, run a virus scan immediately or take your device to an expert.
If you want more information about Cyphercon click here.