Credit Union Geek

Marketing, Strategy, and The Force by Joe Winn

Tag: all your base are belong to us

Data Security: Car Edition. Really.

Originally published on CUInsight.com

When you hear “data security”, what comes to mind? Your laptop? Phone? Internet of Things “smart” oven? (I’d hate to let a hacker know how badly I burnt that casserole)

Anything else? How about your computer on wheels?

Modern cars are rolling supercomputers. They have dozens of systems collecting unique data to make your driving experience safer, more enjoyable, and sometimes more distracting. For example, the traction control computer collects information on road conditions hundreds of times a second. However, it’s probably not a source of identity theft (though what could be learned from its records would surprise you). Nor is the network of proximity sensors to help you navigate tight areas.

Your car does contain a number of personalized systems. Let’s look at the big ones:

GPS: Your car knows where it is at all times, where it has been, the paths you take, and even the speed at which those drives were made.

Bluetooth: When you pair your phone, it does more than share a 4-digit code. To automatically reconnect, the car remembers your phone’s unique ID. This isn’t a huge privacy issue on its own, but today’s cars save far more. To make dialing easier, a lot of systems import your contacts and synchronize your text messages. No big deal, just your entire phone book and call/text history.

HomeLink: Do you have buttons on your mirror or visor? Do they open your gate/garage? Then you have HomeLink. These can even support turning on/off lights, though new smart integrations have made that a bit redundant. Combined with the GPS history, this is the biggest privacy risk in your car. The GPS history tells anyone in the car where your house is located. HomeLink Opens. Your. Home.

Those are the big three. Others vary by manufacturer and features. Things like a custom entry code (many Ford vehicles still use this feature…do not choose a birthday!) are seen on occasion. App integration is becoming more common, making your phone an advanced car key.

So, what of all these features? I’m a huge fan of integrations which make sense, and I use them often. However, I also know there is a level of security necessary. To add a small degree, I never program my actual home address into the GPS. The “point” is around the entrance to my community, not in my driveway. Do you really need those last 4 turns? Granted, someone could just find my address on the registration, but I’m hoping a potential thief is just too dumb to consider such an option. Why make it easy? Note: My garage opener doesn’t reach from the home “point”.

It’s good to know what these features can reveal while you have the car, but what about when you sell it? Given the inherent privacy/security risk, I find it almost criminal that an easy “I’m selling my car, delete everything” button is not available in every car. For mine, I’ve had to do the following:

  1. Delete my phone pairing from the car.
  2. Remove the “Home” location in my GPS.
  3. Remove all recent waypoints in the GPS.
  4. Reset the HomeLink buttons.
  5. Cancel/transfer satellite radio service (technically, with an active Radio ID, one can use a phishing strategy to get my personal information from SiriusXM).

You’re right, there is no direct credit union guidance in this post. However, given my recent experience in buying a new car, I felt it necessary enough to share. Be honest, how many cars do you think are traded-in with the prior owner’s home address and garage code?

Help protect your staff and membership by sharing this with everyone! (And along with every booked loan)

Image credit: That’s me, while owning two cars.

Is Your Computer Reminiscing You Into Insecurity?

The Internet is a unique place. Where else can you come in with antiques that are only a few years old? And even more, those “antiques” can put you in danger! Imagine if your car, at the end of the lease, was considered “obsolete”. So much for that ’65 muscle car! May as well get rid of it now before it explodes at a stoplight. Really, it’s only a matter of time!

Yes, the pace of digital improvement is staggering. As is the pace of obsolescence. Part of it is “planned”, where a manufacturer or developer wants you to buy their latest version, so they stop supporting the previous. Another aspect is opportunity cost. Keeping security and compatibility updates flowing for an older product requires staff time and resources. At what point does that investment become a losing proposition?

The core of our network-connected society has become the web browser. What used to be “just another program” on your computer has evolved into an operating system of its own. Suffice it to say, your trusty IE, Firefox, Safari, or Chrome (or Opera, if you’re one of the brave outliers) does an incredible amount of work behind the scenes. Browsers are what allow us to receive notifications from websites, load full 3D games in a webpage, play back videos without additional software, and display engaging websites powered directly by the computer’s video card. If you want to see how far we’ve come, simply install an old version of Mozilla Firefox, say, 1.5 (from 2005), on your computer. Watch how slow browsing becomes, and how many sites refuse to load, or load, but with horrid interfaces.

Unfortunately, with the good comes the bad. There are individuals and groups out there who want to do harm to your computer. Some for “fun”, others for profit, and still more for political motivations. As a result, your lock is always being picked. Good thing there are security teams devoted to closing these holes at every company! Security fixes are the main reason why you receive regular updates on your computer…do them! Patch Tuesday, the monthly Windows Update, may include dozens of security fixes for the operating system and Internet Explorer. Each time you skip one of these, you are leaving your door unlocked for the person who knows where to look.

Which brings us to the point. I had a peek at my logs for credituniongeek.com. Between November 17, 2014 and December 17, 2014, my site was visited by potentially unsupported web browsers. 10.28% were using Internet Explorer 8, which, if you’re on XP, is no longer receiving security updates. An additional 4.67% were browsing on IE 7, an incarnation of the program which struggles to load much of the modern internet and also has unpatched security vulnerabilities. Read Microsoft’s official support policy.
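The kind of log review described above can be scripted; this is an added example, not code from the original post. It assumes access logs in Combined Log Format, uses constructed sample lines, and reads the Trident token so that a newer IE running in Compatibility View (which reports "MSIE 7.0") is not miscounted as IE 7.

```python
import re
from collections import Counter

# Combined Log Format: the user agent is the last quoted field on the line.
LOG_RE = re.compile(r'"[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
MSIE_RE = re.compile(r"MSIE (\d+)\.")
TRIDENT_RE = re.compile(r"Trident/(\d+)\.")
# Trident engine version -> real IE version (IE 8 and later send this token).
TRIDENT_TO_IE = {4: 8, 5: 9, 6: 10, 7: 11}

def ie_version(ua):
    """Return the real IE major version for a user agent, or None if not IE."""
    trident = TRIDENT_RE.search(ua)
    if trident and int(trident.group(1)) in TRIDENT_TO_IE:
        # Compatibility View claims "MSIE 7.0" but keeps the Trident token.
        return TRIDENT_TO_IE[int(trident.group(1))]
    msie = MSIE_RE.search(ua)
    return int(msie.group(1)) if msie else None

def outdated_share(lines, max_ie=8):
    """Percentage of parsed hits per IE version at or below max_ie."""
    counts, total = Counter(), 0
    for line in lines:
        m = LOG_RE.search(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        total += 1
        ua = m.group("ua")
        version = ie_version(ua)
        if version is not None and version <= max_ie:
            # "Windows NT 5.1" is Windows XP, the case the post singles out.
            label = f"IE {version}" + (" on XP" if "Windows NT 5.1" in ua else "")
            counts[label] += 1
    return {k: round(100 * v / total, 2) for k, v in counts.items()} if total else {}

# Constructed sample lines (documentation IP ranges), not real visitor data.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Nov/2014:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"',
    '192.0.2.11 - - [18/Nov/2014:11:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"',
    '192.0.2.12 - - [19/Nov/2014:12:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)"',
    '192.0.2.13 - - [20/Nov/2014:13:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"',
    '192.0.2.14 - - [21/Nov/2014:14:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0)"',
]

if __name__ == "__main__":
    print(outdated_share(SAMPLE_LOG))
```

User-agent strings are client-supplied and can be spoofed, so treat the percentages as an estimate of who needs to upgrade rather than an exact inventory.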

I understand if your credit union has custom software running on old platforms. It’s expensive to change, and if it still serves your staff and members, why upgrade? That’s fine. But these systems cannot be connected to the public internet. Especially at a financial institution, this is asking for security breaches. Even with good procedures, it happens, all, the, time.

For the safety of your credit union, members, and staff, please update your public-facing systems.

© 2017 Credit Union Geek
