Latest news with #hackers


Forbes
an hour ago
How To Make A Good Password – 4 Strong Password Examples
A good password is one that's impossible to guess. One of the simplest ways for a hacker to gain control of your online accounts is by getting hold of your password. Sometimes, they do this through brute force attacks — automatically checking millions of random permutations — or by working through words in the dictionary. Sometimes, they'll use credential stuffing, exploiting the fact that many people reuse passwords across different sites. We're constantly told that it's important to always use really strong passwords — but what does this mean in practice? We look at how to create a strong password and help keep your online accounts safe from attack. A good password is, essentially, one that it's impossible or very difficult for an attacker to guess. That means avoiding anything obvious — 'password' or '123456' for example, both of which are surprisingly frequently used. Generally speaking, the longer a password is, the better, and it should include a combination of upper-case letters, lower-case letters, numbers and symbols. While a combination of real words and other symbols is fine, using the name of your child or your favorite sports team is a really bad idea. And you should make sure that each password you use is unique — never reuse a password, or even a very similar one — across more than one site. If you're coming up with a password yourself, you could, of course, simply bash your keyboard at random and use whatever comes out — and that's actually not a bad way of doing it. You should make sure that whatever you come up with is reasonably long and complex. Some cyber experts recommend using a passphrase — several words strung together — as a starting point; although anything like a song lyric or famous quotation is a really bad idea. It's also less clever than you might think to use special characters in place of normal letters — 'pa$$w0rd', or the like — as hackers are on to that one.
Finally, there are a number of password generators online that will come up with one for you that should fulfill all the criteria for a good password. Using a random string of upper- and lower-case letters, symbols and numbers should usually generate a very strong password. The longer it is the better, with security experts recommending that it should have at least 14 characters. Obviously, this won't exactly be easy to remember — but there are dozens of free password manager services online that you can use to do the job for you. To create a password that's secure but a little easier to remember, many security agencies, including the U.S.'s Cybersecurity and Infrastructure Security Agency, suggest the use of a passphrase. One way to do this is to think of three random words and string them together — needless to say, they should be random, rather than a part of a well-known phrase or something based on personal information, such as 'MyCatTibbles', for example. Perhaps the simplest solution for coming up with a really strong password is to use a password generator, which does all the hard work for you. Password generators use random number generators to create strong, random passwords with no patterns or predictable sequences. Most allow you to customize your passwords, and will store them securely — so that the only one you'll have to remember is the one for the password manager itself. When it comes to creating a strong password, the longer it is, the better. It's usually recommended that it should have at least 14 characters. A strong password will usually contain a mixture of upper- and lower-case letters, numbers and symbols, although it's also possible to create a good one by stringing together a series of unrelated words. There's no need to tailor a password to a particular site, although some will require you, for example, to use a minimum number of characters or to include numbers or symbols. 
One hard-and-fast rule is that you should never reuse the same or very similar passwords on more than one site — and don't use any of the examples given below, just in case hackers are reading this article too. This password — 'qo34inhj#';[ladfbyulB' — was produced by hitting the keyboard randomly, and includes a mixture of letters and other characters. It's a good length, contains no personal information, and is obviously impossible to guess. It does have one flaw, which is the lack of an upper-case letter — adding a couple in would make it even stronger. A passphrase consisting of several real words is an awful lot easier to remember than a randomly-generated password, making it an attractive option. However, you shouldn't be tempted to use related words or a quotation, such as 'BigBrownDog' or 'ShallICompareThee', as this could potentially be guessable. Instead, use completely unrelated words, such as 'BillPlantKitchenEngine'. A passphrase will be stronger if it, too, contains numbers or special symbols: 'Bill&PlantKitchenEngine1', for example. An ideal password is one that you can remember, but others can't guess, and one possibility is to create one based on a string of characters that means something to you, but nothing to anyone else. You could, for example, start with the sentence 'My new house is in San Francisco and is painted white with blue trim'; then take the last letter of each word to come up with 'ywesnnodsdehem'. This does have the failing that it lacks upper-case letters or symbols, but could easily be improved by adding a couple in. Some sites allow you to use alternative methods to verify your identity and access your account. This may be facial recognition, a fingerprint or a passkey, which will be sent to you by text or email and which you then use to sign in. All these methods are more secure than passwords — and in the case of biometric identification, are also quicker to use and a good deal less hassle.
Bottom Line
We're constantly told about the importance of using a strong, unique password — but it's not necessarily clear how to do that. A good password is one that's impossible to guess, so you should avoid anything obvious or based on findable information, like your children's names. Go for something long, with a mixture of letters and symbols instead.
How Often Should You Change Your Password?
However strong your passwords are, it's a good idea to change them regularly — especially passwords for sensitive accounts like your bank or other financial services. Many experts recommend doing this every three months or so. You should also change all your passwords if you've been hacked, or if a service you use has experienced a data breach. Some security experts recommend changing passwords if you've used public wifi too. It's worth noting that, while some organizations demand that staff change their passwords regularly, this is considered a bad idea by cyber security authorities, as the hassle of doing it means that people are more likely to reuse passwords or even write them down.
How Long Should A Password Be?
Many sites impose a minimum length for a password, often eight characters, as the longer a password, the more secure it is. Security firms have different recommendations, but generally speaking suggest a minimum character count of between 12 and 20. There's no maximum — apart from the length of time you're prepared to spend typing — but anything longer than 30 or 40 characters is probably overkill. Some password generators create passwords of more than 100 characters, but as password managers store these for you, there's no extra hassle involved.
Should You Be Password Recycling?
While it's tempting to reuse your passwords from one account to another, there are very good reasons for using a radically different password for all of your online accounts.
When criminals get hold of one of your passwords they will often use a technique called credential stuffing to try the same one against all your other accounts and potentially gain access. And, note, it's not enough to just change a password slightly — if you're using Tibbles123 on one account, they'll check Tibbles321, and other variations, too.


Forbes
a day ago
New Phone PIN And Password Attack List Revealed — Do Not Wait, Act Now
Change your PIN code and password now if it's on these lists. Sometimes, the most critical security threats are right there in front of you. That's certainly the case when it comes to the passwords and PIN codes that you use to protect your devices, data and services. Here's the thing: when you opt for ease of use, memorability, something quick and simple to tap into your smartphone when you're on the move, you're playing into the hands of the hackers who would attack you. Unfortunately, the common perception of some geeky kid sitting a million miles away at a computer and using their genius to crack your password remotely is, well, as far from reality as you can get. Reports are circulating of an active campaign in which threat actors knock on doors, pretending to be from a bank, and actually request a PIN number in person on the doorstep. These, however, also fall into the exception rather than the rule category. The truth is that criminals like the simple life as much as anyone else, and if your device, your accounts, can be hacked because you've used the wrong password or PIN, then all the better. Which is why, if yours are on this newly compiled list, you need to change them as an act of some urgency. Here's what you need to know. I must admit, the idea of someone knocking on your door to ask for a bank card and PIN struck me as utterly bizarre. But then again, he who dares wins isn't just the motto of the SAS, but seemingly the most brazen of social engineering hackers. The newly reported doorstep PIN theft campaign is targeting homes in South Africa, but that doesn't mean the rest of us can sit back and relax. I want to think that most readers are sensible enough not to fall for such a con, but what if the hacker already knows your PIN number and has a good idea of what your account passwords are? That's a real and present danger for many reading this article, and it's primarily due to inadequate critical security thinking.
Regular readers of mine will be aware that password-stealing malware, commonly referred to as infostealers, has been running riot for years now. Despite the best efforts of the likes of Microsoft and global law enforcement to take down the leading players in this cybercrime circus, billions of passwords have been stolen and are available for sale on the dark web. The best advice I can give you is, as always, never to reuse any of your passwords across multiple devices, accounts and services. Never share the same password between even two logins, as you've just doubled the chance of getting hacked. But it gets worse when you realize that there are lists of passwords out there that you might already be using, even if only once, that are just as dangerous when it comes to potential compromise. And, sorry to be the bearer of even more bad news, the same applies to your smartphone PIN code. I am partly to blame, albeit in the cause of security awareness and in an attempt to change insecure behaviors, as I recently published lists of PIN codes and passwords that should be avoided. If you missed those original warnings, please do not ignore this one. Here is the ultimate combined list of passwords and PIN codes you should never use. If you are currently using any of these, you should change them as a matter of urgency. Let's start with the PINs. These are a combination of the most commonly used PIN codes that have been identified through the analysis of approximately 29 compromised PINs found in data breach databases, along with some that have been statistically determined to be the least likely to be used by anyone. Now, I know the latter statement sounds like they should be nowhere near a list of dangerous codes, but, and hear me out, as soon as those were published over ten years ago, and because they continue to be circulated as amongst the safest to use, the opposite actually applies. 
As a hacker, I'd certainly add them to my numbers to try, as people will likely choose them, thinking they are super secure. When it comes to passwords, the following list has been compiled using commonly used passwords that have appeared in global data breach databases across consumer and enterprise use, including various industry sectors. The takeaway being, of course, don't use any of them. If you are using any of these passwords or PIN codes, then it should go without saying that you need to change them immediately. If I know them, other readers know them, and hackers know them, that should be obvious. So, what are you waiting for?


Forbes
2 days ago
Learn How To Tell If You've Been Hacked, And What To Do
The more devices and accounts you have, the more likely you are to be hacked, so it's a good idea to stay alert to the warning signs. Most of us now have a number of different devices, accessing a wide spectrum of online accounts and services. Any of these can be hacked, with criminals attempting to use your identity to carry out scams and fraud. So how can you tell you've been hacked? There are a number of signs common to different accounts and devices, including unexpected logins, changes to settings that you didn't make, unauthorized financial transactions and more. We look at the warning signs that your account or device may have been compromised, and the steps you should take to put things right if it has. Hacking is the term for gaining access to a device, account or network by a third party. It isn't necessarily malicious — ethical hackers, for example, do this to check out an organization's potential vulnerability. Dorking, meanwhile, is usually carried out for nefarious means, but can also be a useful technique to improve search results. Generally, though, hackers are criminals attempting to steal data — perhaps your personal information, or even your financial details. They gain access through a number of different methods, from vulnerabilities in the device or service itself, or through techniques such as phishing, where victims are tricked into giving away crucial information. If successful, hackers may use your account to lure in more victims, spread malware or even empty your bank account. Any device that can be connected to the internet is at risk of being hacked — phones, tablets, PCs and Apple computers. It's even possible to hack smart home devices or smart cars. Hackers have a number of motivations. Generally, it's to steal personal data, which can then be sold on the dark web to other criminals, especially if it includes passwords, credit card details or other financial information that can be exploited to carry out scams.
Some devices are more at risk than others — Apple, for example, has a reputation for protecting user security well. But whatever the device, it's possible to take measures to minimize the risk. There are a number of signs that your computer has been hacked. Often, the first sign is slow performance, or your computer freezing or crashing. Programs that you didn't install may appear, as may a deluge of pop-up ads; your password may be changed, and you could be locked out of accounts. If you have a website, you may see browser warnings, Google Search Console alerts, slow loading times, and unexpected redirects, along with the sending of spam emails. If your PC or Mac is hacked, your first step should be to unplug your machine and disconnect it from the internet. You should then change passwords and run a full virus scan. Signs that your phone has been hacked include a fast-draining battery or overheating, indicating that it's working in the background for somebody else. Bills may be higher than usual, and new apps may unexpectedly appear, along with unexpected notifications, unrequested 2FA codes or pop-ups. You may find that settings such as camera or microphone permissions have been changed — or even find yourself locked out of your Apple ID or Google account. If you do fall victim, you should start by changing all passwords and running a security scan; if all else fails, you should restore your phone to its factory settings. Hundreds of thousands of routers are hacked every year, with criminals generally exploiting a weak password or taking advantage of unpatched software vulnerabilities. Your browser may keep redirecting you, you may spot increased data usage, slow internet or unusual network activity, or discover that unfamiliar devices have been connected to your wifi. Your login credentials or router settings may have been changed without your knowledge. 
If you suspect that your router has been hacked, you should disconnect it and give it a factory reset, and change your password. You should then use an anti-virus package to check all your devices for malware. Hacking accounts can give criminals access to valuable data, which they can exploit for financial gain, and allow them to spread malware or scams. Frequent targets include Amazon, Apple ID, email, Google and Microsoft, with signs including passwords that don't work, or unexpected alerts about login attempts, password resets, or two-factor authentication. To minimize the risk and keep your accounts safe, it's a good idea to use a strong password and two-factor authentication. Signs that your Amazon account has been hacked include changes to your address, email or payment information. You may also receive notifications of password reset requests. Other common signs of a compromised Amazon account include purchase activity that you don't recognize, or reviews you didn't write being posted in your name. If you think your Amazon account has been hacked, you should change your password, enable two-factor authentication and run an anti-virus scan. You should also check for any unauthorized financial activity. The main signs that your Apple ID has been hacked are access by a device you don't recognize or a password change that you didn't make. You may also spot unauthorized purchases on the App Store or iTunes. And if your Apple ID is hacked, it will give the criminals access to all your Apple devices, from a MacBook to an iPad or iPhone. If this happens to you, you should change your password, check your account information is correct, and, if you can't then access your account, go to then for help. Signs that your email account has been hacked include being unable to log in, unexpected or missing emails, unexpected changes to your password or account settings or alerts from your email provider itself. If it happens to you, change your password and run a virus scan.
You should be able to recover your account by contacting your email provider and asking for a password reset. Signs that your Google account has been hacked include a password that no longer works, changes to your personal account or an alert from Google that there's been a sign-in to your account from a new device. You should sign into your account if you can, change your password and turn on two-step authentication. Scan for and delete any malware, and visit Google's account recovery page to regain control. There are a number of signs that your Microsoft account may have been hacked, including a notification from the company itself about potentially suspicious activity, for example a log-in from a new location. Emails you didn't write may be sent from your account, or your profile information changed. If your account is hacked, you should change your password, enable multi-factor authentication and update security settings. If you can't access your account, you should be able to recover it here. Signs that your Netflix account has been hacked include an email from Netflix itself, perhaps alerting you that a device has signed in from an unfamiliar location, changes to your payment method or perhaps being locked out altogether. You should immediately change your password and then sign out of all devices, remove any unauthorized payment methods through the Manage payment methods section, and contact Netflix support to report the suspicious activity. Social media accounts are a popular target for hackers, thanks to the vast amount of personal information they hold and the ability to use a compromised account to carry out scams and fraud. All platforms — from X and LinkedIn to WhatsApp and Snapchat — are vulnerable, though Facebook, Instagram, and X are the most frequently hacked.
Staying safe is a matter of taking basic security measures like having a strong password and two-factor authentication, avoiding giving too much information away on social media and never reusing passwords from one site to another. Signs that your Facebook account has been hacked include messages from Facebook itself, changes to your profile information or strange messages being sent to your contacts. If it happens, you should change all your passwords immediately and tighten up your privacy settings. You should also warn friends and family to avoid engaging with any messages from your account. If you can't access your account yourself, you'll need to go to this Facebook help page, where you'll be led through the process to recover your account. Instagram is one of the most-hacked social media platforms, and it's usually easy to spot if it happens to you. You may discover that you can't log into your account, or posts, reels or stories that you didn't make may appear. If you can still log in, you should change your password and turn on two-factor authentication. If you can't log in, there are a number of steps you can take, depending on your type of account. If you've had a message from Instagram telling you that your email address has been changed, you may be able to fix this by clicking the 'Secure my account' link in the message. You can also ask for a login link or security code to be sent to the email address or phone associated with your account. You may discover that your LinkedIn account has been hacked via a message from the company, or because of suspicious activity on your profile, difficulty logging in or complaints from contacts about strange or spammy messages coming from your account. You should report the problem to LinkedIn here, change your password and review your active sessions to see where you're signed into LinkedIn right now. 
You should review all the email addresses and phone numbers associated with your LinkedIn account to make sure you can receive password reset messages from LinkedIn. Look out for, and delete, any rogue messages or posts on your account, and let all your contacts know what's happened. Signs that your Reddit account has been compromised include apps on your profile that you don't recognize or unusual IP history on your account activity page. You may start seeing votes, posts or comments that you didn't make, or receive an alert from Reddit itself. If you think your account has been hacked, you should contact the company — although users report that getting your account back can take up to a month. You should also change passwords and alert any other users that you interact with that your account has been hacked. Signs that your Snapchat account has been hacked include spam being sent from your account, new contacts appearing or unauthorized changes to the mobile number or email address associated with your account. You may also get an alert from the company telling you that someone has logged in to your account from an unfamiliar location, IP address or device. If you realize that your Snapchat account has been hacked, you should change your password and enable two-factor authentication. Verify your email and mobile number, and check for any unauthorized linked devices. Signs that your WhatsApp has been hacked include strange activity on your account, such as messages from unknown contacts, unread messages marked as read or receiving unsolicited verification codes. You may spot an unfamiliar device logged into your account or changes to your profile information. Recovering a WhatsApp account is usually pretty straightforward — you just need to sign into WhatsApp with your phone number and you'll be sent a six-digit code via SMS or a phone call to allow you to re-register. 
Signs that your X account may have been hacked include a password that won't work, unauthorized tweets or direct messages from your account, unexpected actions like follows or blocks and notifications from X itself. You'll need to change your password, make sure that the email address linked to your account is secure, check for viruses and revoke access for any third-party applications that you don't recognize. If you're still having problems, you can contact X's support team here for help.
Bottom Line
The more devices and accounts you have, the more likely you are to be hacked. It's a good idea to stay alert to the warning signs. But if it does happen to you, it's usually fixable if you know the right steps to take.


CNET
2 days ago
Is It Really Safe to Buy an Old or Used Phone? Here's What You Need to Know
The best phones you can buy right now all come with top specs, a plethora of features and pro-level camera systems. But these flagship handsets, like the iPhone 16 Pro and Samsung Galaxy S25 Ultra, also demand a lot of cash if you want to slide them into your pocket. It's no surprise that many of us look toward more affordable options instead of opting for the latest model. You can save a bundle by looking toward used or older devices. After all, older hardware is usually fully capable of handling what you need it to, and it's more environmentally friendly to keep using phones for longer, rather than sending them to landfill. But while these old smartphones might be cheaper, they may not be safe to use, especially if you bought a used phone that's more than a few years old. The problem is that older phones might run outdated versions of Android or iOS, which means they often don't have critical security updates that can keep you and your data safe. If you're concerned about security and privacy -- and you should be -- here are some things to consider.
What is a security patch for a phone OS?
Hackers are constantly looking for cracks and holes in your phone's software to exploit. Whenever hackers discover a new hole, phone-makers usually get it fixed, and that fix is sent out to your phone to make sure that nobody can take advantage of it. That's a security patch. You'll likely have received plenty of them over time as cybercriminals are always trying to find new ways to circumvent the security on your phone. It's a continual game of cat and mouse, with hackers finding holes and software providers patching them up. And on the cycle goes. Most of the time, you'll never know about it, but it's the thing that's keeping your phone up to date and protected against known threats.
Why do manufacturers stop sending out security patches?
All manufacturers including Samsung, Sony, Google and OnePlus only provide support to a phone for so long. Each new handset that's released and each new version of Android requires new threat assessment and patching. That's a lot of work, and it means that finding and patching those holes for every single handset spanning years and years just becomes unfeasible.
The HTC One M8, released in 2014, is no longer officially supported and doesn't get security patches. Andrew Hoyle/CNET
As a result, Google and the phone-makers eventually have to cut off support for older handsets. Those handsets then will no longer receive security updates, meaning that when a threat is detected on that phone, it simply won't be fixed.
So is using an out-of-date phone safe?
As Christoph Hebeisen, director of the security intelligence company Lookout, explained, "We do not consider it safe to run a device that does not receive security patches. Critical security vulnerabilities become public knowledge every few weeks, or months, and once a system is out of support, then users who continue to run it become susceptible to exploitation of known vulnerabilities." According to Hebeisen, a vulnerable phone could allow full access to everything that's on your phone, including your personal and company emails, contact information, your banking details or audio of your phone calls. A hacker could continue to have access to this information for as long as you continue using the compromised handset.
Check to see if your phone has the latest software installed. Andrew Hoyle/CNET
How do I know if my phone is too old?
Finding out if your phone is still supported and receiving security patches often isn't straightforward. To start, go into Settings and check your software updates. Install the latest version that's available. Usually it'll give you some indication of when the phone was last updated.
If your phone says it has the latest OS software, but that latest version was installed many months or even years ago, it's bad news. Your phone is probably no longer supported. Sadly, manufacturers don't give you a warning that tells you when they've dropped support for a phone, so you either find out through a rude awakening like I mentioned above, or figure it out yourself through some other means. Previously it was common that phones may only be supported for a few years, but thankfully most companies -- including Google and Samsung -- have upped their game, offering support for at least seven years on their recent generations of phone. Google's latest Pixel 9 and 9 Pro will still be safe to use into 2031, while Apple's iPhone XR, released six years ago, is still compatible with the latest version of iOS. Companies such as Fairphone take that even further, promising at least eight years of support, while even budget phones like the Nothing CMF Phone 2 Pro come with six years of support. But longer support periods have been something of a recent trend so if you're buying an older-generation phone on the used market, it's possible its support period may be shorter, and may even be out of support already.
Despite having the latest software installed, the last security update for this Galaxy S6 was applied in 2018. That means that there are years of new exploits that this phone is susceptible to. Andrew Hoyle/CNET
Finding out if your Android phone is supported will involve some digging. Samsung sent me its list after I contacted its PR team, and it's available online here, and while it makes it clear which phones are currently supported with updates, it doesn't say for how long those updates will continue. Google has a page that clearly tells you when your Pixel or Nexus phone will lose security support. (Spoiler alert: All Nexus and Pixel phones up to and including 2021's Pixel 5A are all out of their official support periods.)
Your best place to start is with the support pages on your phone manufacturer's website. You might not notice immediately if your phone is out of date. The most obvious sign you're on old software might be when you look for new apps to download. Many apps will simply be incompatible due to the software and hardware limitations on your phone and you won't be able to install them.
How can I tell if my phone has been hacked?
Whether you'd ever notice if your phone's security was compromised is difficult to say. Cybercriminals don't exactly make it known they've accessed your device, so you'll need to look for signs. Popups that might appear on the phone are a big giveaway, as are any apps that suddenly appear that you didn't download. Also watch out for unexplained high data usage, as it could be that malicious apps are using a lot of data in the background. Other indicators can also include unusually high battery usage and sluggish performance, but both of these can also be attributed to using older hardware that degrades over time.
How can I keep myself safe if I have an old phone?
As Hebeisen says, the best way to keep yourself safe is simply to not use a phone that's no longer supported. If you're short on money, can't afford to upgrade just yet or you're using an older phone temporarily for whatever reason, there are a couple of things you can do that could help.
The Galaxy S6 was released in 2015 and is no longer officially supported by Samsung. Andrew Hoyle/CNET
First, you should make sure the phone has the latest software installed. If you bought it used, make sure to fully factory-reset the phone. Ensure that you only download apps from the Google Play Store (rather than from third-party or unofficial app stores) and certainly avoid installing apps by downloading the APK file from a website. This can often be a way that malicious software weasels its way into a phone.
You can help protect your personal information by simply not giving too much away in the first place. Don't do any banking on the phone, don't sync your company email accounts and don't send sexy pictures or have sexy video chats until you're back on a protected device. (Even over a phone, it's important to practice safe sex.) According to Hebeisen, if you don't take such precautions, "this might enable an attacker to observe and manipulate almost everything happening on the device." That's a cold shower, right there.


Forbes
2 days ago
- Health
- Forbes
TSA Warns iPhone And Android Users—You Need This At Airport
[Photo caption: New airport warning for smartphone users]
There is no subject that's more contentious in cyber security circles than so-called juice jacking. It generates fresh headlines most years, when one government agency or another issues a new alert ahead of the holidays. Stories are written and cyber eyebrows are raised — there are more stories than attacks. But still those stories come. But now a new warning suggests there may be a risk for travelers after all.
Juice jacking theoretically strikes when you plug your phone into a public charging cable or socket at an airport or hotel, and instead of it being a dumb charger, it's a computer behind the scenes extracting data from your device. This is very different to dangerously crafted attack cables that include a malicious payload in the cable itself.
The latest government warning (and headlines) come courtesy of TSA. 'When you're at an airport, do not plug your phone directly into a USB port,' it says. 'Bring your TSA-compliant power brick or battery pack and plug in there.' This is because 'hackers can install malware at USB ports (we've been told that's called "juice/port jacking").' TSA also warns smartphone users 'don't use free public WiFi, especially if you're planning to make any online purchases. Do not ever enter any sensitive info while using unsecure WiFi.'
This public Wi-Fi hijacking threat is almost as contentious as juice-jacking amongst cyber experts. TL;DR, while it compromises your location, any encrypted data flowing to or from your device from websites or apps should be safe. Your bigger risk is downloading an app from the malicious access point's splash page, filling in online forms, or being redirected to fraudulent login pages for Microsoft, Google or other accounts. The usual advice applies — use passkeys, don't log in to linked or popup windows but use usual channels, and don't give away personal information.
You should also be wary of which Wi-Fi hotspots you connect to — are they the real service from the hotel or airport or mall you're in, or cleverly named fakes? As for juice jacking, there is now a nasty new twist to the existing narrative, which, while theoretical for now, could fuel attacks that actually work. A new research paper has introduced 'a novel family of USB-based attacks' called ChoiceJacking, which the researchers say 'is the first to bypass existing Juice Jacking mitigations.' The Austrian research team 'observed that these mitigations assume that an attacker cannot inject input events while establishing a data connection. However, we show that this assumption does not hold in practice. We present a platform-agnostic attack principle and three concrete attack techniques for Android and iOS that allow a malicious charger to autonomously spoof user input to enable its own data connection.' This is more an issue for Android than iOS, but it's not something for most users to worry about. That said, if you think you might be the target for attacks or if you travel to higher risk parts of the world, I would strongly recommend not using public charging points without some form of data shield or public WiFi without a VPN. You should also be wary of unlocking your device when it's plugged into anything you don't own and control. Interestingly, Google and Samsung have both been better defending devices against USB data extraction, albeit this masks itself as an accessory. There are also new updates for both iOS and Android to reboot devices locked for more than 3 days, which also protects against physical cable attacks.
On ChoiceJacking, Kaspersky says 'both Apple and Google blocked these attack methods in iOS/iPadOS 18.4, and Android 15,' but 'unfortunately, on Android, the OS version alone doesn't guarantee your smartphone's safety… That's why Android users who have updated to Android 15 are advised to connect their smartphone to a known safe computer via a cable and check whether a password or biometric confirmation is required. If not — avoid public charging stations.'