Stolen cellphone causes data breach

January 18th, 2015


Albany, New York-based St. Peter’s Health Partners revealed that its manager cellphone got stolen and may lead to potential healthcare data breach.  The affected entity involved emails from the cellphone. After the investigation by St. Peter’s officials, it was determined that the cellphone was not encrypted.


According to the reports, the stolen cellphone may have contained emails that included patient appointment scheduling information for St. Peter’s.  Emails within the stolen device did not include any health record information or information on inpatient hospital treatment or emergency care.


Officials at the healthcare facility said there is no indication that emails have been accessed or viewed at this time. According to the news source, they believed the theft was random. After the incident, St. Peter’s reviewed all mobile devices networked to its corporate email system to ensure security compliance in response to this incident.


Steps to prevent data breach – cellphones:


  • Proper antivirus should be installed on cellphones
  • Periodically change the password to the corporate accounts
  • Encryption of the cellphone
  • Don’t install malicious software
  • Visual notifications for abnormal activity
  • Biometric identification
  • Using secured network access
  • Conducting security audit
  • User awareness about the proper usage


Alertsec strengthens security


Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.


Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Traffic control The man in the middle

May 13th, 2013

Data sent by GPS applications such as Google maps and Waze can be altered hence control navigation routes of other drivers and even cause traffic jams. That is, if hackers would be interested in it, they would be able to affect the real-time traffic in order to trick users in travelling to the busiest traffic centers, rather than to open road, or to any track or spot they desire.

Both applications allow users to navigate through the use of information obtained from their devices, along with other devices currently on the road – and analyze the real-time traffic in order to offer the ideal route. But just at this point hackers can cause damage and change the route, anonymously and without being discovered by the applications, and to persuade users to take completely different tracks than they should.

Those apps use GPS sensors and Wifi in Smartphone devices in order to track the location of the user. If Wifi

is enabled and alone, you can get information only on the wireless access points and area of radio cells around the user, which helps calculate the approximate location? Google for its part uses real-time traffic information that is sent using TLS protocol (Transport Layer Security) designed to send the user’s location in a protected and secure mode.

While the protocol itself ensures the reliability of the data, which makes it impossible to attack or monitor the phone without Google’s notice, there is a work around that allows controlling the data itself. This is called ‘man-in-the-middle’ – We used Android 4.0.4, placing hack just before the security protocol allows to control the information sent from the Smartphone, without being detected by Google.

Google receives information from the device without approval or user’s current location check, and that’s how it possible to change the driving route to and from any point in the world.

Obviously, in order to have a significant impact on the traffic, you have to create large number of different users.

A similar attack can be associated with Waze, but this application is much more difficult to affect drivers and navigation process, since the app connects the user’s location with an account. Thus, an attacker who wants to change the traffic to simulate more vehicles would need to create multiple accounts with different email addresses.

Companies that offer navigation applications can avoid these attacks by linking the information about the current location of the user to a one-time approval cataloged by the hour and will be limited in time. Thus, applications can limit the maximum amount of information sent or received by any device, and by that effectively offer another layer of security to their internal system.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta