Eric wants to know what can happen to his iPhone if he's on an unsecured wifi network, like a local hotspot? He transferred his passwords from one phone to another. Leo says that browsers now are checking a database of breaches, and they can let you know what websites have been compromised. So it's unlikely your passwords werre compromised. But the website you visit could have been, and therefore your passwords may be vulnerable. To verify, check out HaveIBeenPwned.com.
security and privacy
Hackers are bragging that they have breached the servers of T-Mobile and have managed to grab the customer data of over 100 million customers, including social security numbers, driver's license numbers, IMEI data, and more. And they are selling it. T-Mobile says they have plugged the break and are "investigating" it, but Leo says this is a mess for T-Mobile if proven true. And according to experts who have seen samples of the data, it looks legit.
Alan is a huge Samsung fan but keeps hearing that iPhones are more secure. Is that true? Leo says that they're both very secure, though Android phones are encrypted at the software level, while iPhones use a hardware secure enclave to keep encryption keys. Apple's iTunes store is more secure than the Play store only because it has a tougher standard for approving apps. But if the Pentagon approves Android phones for use, that is a pretty good seal of approval. Having said that, users can "sideload" third-party apps if they turn off the security feature.
Microsoft says that a recent zero-day flaw has been patched in 92% of servers. But Leo says that doesn't mean that a bad guy hasn't gotten into the system before it was patched. So they could still be compromised.
A new study indicates that both Apple and Google phones share data with companies every four minutes, causing potential privacy concerns. According to the Irish study, Google phones dial home more often than iOS devices. However, Leo takes it with a grain of salt, as the study doesn't break down what the data really is. Location? Activity? And what else is new about smartphones? That's how they work. So Leo says that the headline is more "scare quotes," and the payoff really isn't.
Kyle is working from home and wants to beef up his home network security. Leo says that Kyle's work is probably using "endpoint security," which uses software on Kyle's computer to protect him. So he wants to be careful not to compete with that. Being on a home network with IoT devices, though, could be a weak link.
Ed rented a car recently and it came with Apple CarPlay. Is that secure? Leo says it is because Apple makes it really difficult to break encryption. You just want to be sure to remove your device after you're done with the car rental. Select "Forget Device." Or don't use the car's internal telematic systems. Just the CarPlay.
There's also a setting in Apple CarPlay that says "do not copy my contacts" to the car. Make sure you enable that so your contacts won't get transferred to the car's hands-free system.
Lori googled how to remove remote access apps on her Mac, and she was able to remove them after Apple walked her through it. But she's worried that she didn't get it all. Leo says that if Apple took them off, it's a good chance Lori is fine. It's easy to get paranoid about a computer because it does a lot of things we don't understand. The only concern is that when Lori gave the original technician remote access, that he could've installed something else she doesn't know about. If she's really worried, she can always back up her data, format her hard drive, and then reinstall macOS.
After getting a phishing scam email, Karen ran a malware scan with Windows Defender and it found a "severe threat" called a Trojan-Downloader. Windows Defender blocked it, but is she still compromised? Leo says that everyone gets those, and it's not a side effect of a virus on your system. So if Defender found one and blocked it, you're safe from it.
Glen wants to know if ransomware can happen if you unplug your backup from the network. Leo says not until he plugs it back in. But it's less likely with a home-based system than say, a commercial network. So clean up the infected computer before reconnecting the backup, otherwise, it could infect it. A lot of ransomware also has time-released capability. It may not infect right away. So if Glen has backup unplugged from the network, he should keep it that way until he's wiped the hard drive and removed the ransomware.