Speaking at the opening keynote at the TMRW Conference, noted hacker Samy Kamkar has urged companies to make “better decisions” about how they use technology, and “be more transparent”.
At TMRW, a conference within IP Expo Manchester, the author of many hacks including the infamous MySpace Samy worm back in 2005, was abundant with examples of how malicious actors are able to exploit data shared by unwitting users with services that appear completely benign.
Such examples included Kamkar’s own SkyJack, which uses Wi-Fi to take over control of drones.“I am one of the biggest proponents of new technology, but I think we also need to pay attention to the security implications and some of the things that can come about [through poor security],” he said.
Kamkar also raised the alarm on services that exploit data shared through social media – for example PleaseRobMe.com, which tracks Twitter users’ shared locations, proving they are out of the house and potentially susceptible to burglary.
Another example that Kamkar highlighted as having particular personal interest was the case of John McAfee, who was arrested in Guatemala based on GPS data contained in a digital photograph shared by Vice magazine.
The McAfee case got Kamkar “really interested in geo-location”, leading to his research into how smartphones track users’ location, including the location of Wi-Fi networks they connect to.
“We have an invisible word and there are so many interesting ways of getting data from the air. We are not quite aware of it as a daily user. It’s just too much to keep up with.”
In a call to action, Kamkar urged users to take more notice of how they are leaving a trail of data cross the internet: “I want us to make better decisions and I want companies to be more transparent. People want to know if, when they capture an image, their GPS co-ordinates are in there.”
The hacker also advised users not to enter personal information on websites until they accept the risk. Users should always minimize the amount of sensitive information they send out based on need, he said – for example, don’t sign up for Google Wallet unless you really intend to make use of that service regularly.
Kamkar, however, is not from the school of thought that suggests all corporations have a sinister agenda when it comes to mass surveillance.
“I believe that a lot of major companies are looking out for us, but what if a hacker gets in? You should be cognizant of that fact.”
Kamkar also delivered some top tips for tech users to stay more secure: Use encryption software like TruCrypt; use services like PayPal to avoid having to enter card details to many different services; always read the manual; and reset default passwords.