QR Codes, short for "Quick Response code", have become ubiquitous in our digital age, facilitating a wide range of applications from marketing to contactless payments. A QR code is a two-dimensional matrix barcode in a visually scannable format. Standard barcodes can only be read in one direction (top to bottom) which means they can only store a small amount of information. Alternatively, QR Codes are read in two directions, top to bottom and left to right, and can be scanned in any direction. This makes them to be easier to capture and allows these codes to store significantly more data than a standard barcode. Additionally, QR codes have an error correction function that makes the code readable even if parts of the code are stained or damaged. QR codes can store a website URL, phone number, digital business card, shipping label, or up to 4,000 characters of text.

History of QR Codes

QR codes were first developed in Japan in 1994 by a company called Denso Wave, a subsidiary of the Toyota Group, as a means of tracking vehicle parts during the manufacturing process. The company declared they would not exercise patent rights, making their QR code technology available to the public. While they were slow to gain popularity, the first mobile devices with QR code readers were created in 2002.As smartphones gained popularity, QR codes became more common. In 2020, Denso Wave continued to improve their original design, adding traceability, brand protection and anti-forgery technology into QR codes.

Today, their use has expanded far beyond automotive manufacturing, with applications across various industries. Marketers started using QR codes in ad campaigns to direct consumers to product information or special offers by putting the codes on posters inside or outside of stores, billboards, and even in commercials. During the COVID-19 pandemic, many restaurants replaced hard copies of printed menus with QR codes to comply with CDC guidance and create a “touchless” environment. Interestingly, there is even a company based in the UK, called QR Memories, that creates QR codes for use on gravestones, allowing people to scan the code to read more about that deceased person’s life (typically linking to an obituary or news story relating to them online).

How QR Codes Work

QR codes function as a bridge between the physical and digital worlds. They can store a variety of data, such as text, URLs, contact information, or even Wi-Fi network credentials. The patterns within QR codes represent binary codes that can be interpreted to reveal the codes data. A QR code reader can identify a standard QR code based on the three large squares within the code. Once it has identified these shapes, it knows that everything contained inside the square is a QR code. To analyze the code, the scanner breaks the code down into a grid looking at the individual grid squares. Each square in the grid is assigned one a value based on whether it is black or white. It then groups the grid squares to create larger patterns.

Are QR Codes Safe?

While many people are aware that QR codes can open a website, they can be less aware of the other actions that QR codes are capable of initiating on a user’s device. Aside from opening a website, a QR code can be used to execute code. Therefore, it is possible for spammers to program QR codes with URL's that lead to phishing websites used for obtaining unsuspecting user’s personal information or login credentials. It is also possible for cybercriminals to program a QR code with custom malware which could be used to exfiltrate data from a mobile device when scanned, add contacts to your device or even compose emails. A typical “attack” would involve scammers placing malicious QR codes in public places, or even covering up legitimate QR codes.

With all the possible malicious uses of QR codes and the fact that users cannot determine what a QR code will do just by looking at it, do the benefits outweigh the risks? As with most technology these days, it seems there is always a risk. If you know for sure that a QR code is from a trusted source, then it is probably safe to scan. However, if you are out in public and see a random QR code stuck to a pole on the side of the road, with no context, scanning that code may not be the best idea. Alternatively, there are secure QR code scanners that you can download to your smartphone. For example, Kaspersky QR Scanner instantly checks that a scanned link is safe before providing any information to the user and will alert the user of phishing scams and dangerous links. It also creates a log of past scans so, if necessary, users can look back to see where and when they were compromised.

Additionally, users may be concerned about QR Codes collecting personal data however, the only data that QR codes do collect (which is only available to the QR code’s creator) includes location, number of times the code has been scanned, the time of day the code was scanned and the operating system of the device that scanned the code.

Conclusion

QR codes have evolved from their origin in the automotive industry to become versatile tools used in marketing, retail, healthcare, and more. Understanding how QR codes work and implementing best practices in their use can enhance customer engagement and convenience. As technology continues to advance, QR codes are likely to remain a valuable asset in bridging the physical and digital realms.

Generative AI, also known as generative adversarial networks (GANs), is a powerful tool that uses artificial intelligence technology and machine learning to create text, images and even videos that appear remarkably authentic. For example, the platform ChatGPT is an AI powered Chatbot that responds to text input and generates responses accordingly. The platform Dall-E is a platform that generates images in multiple styles based on a text description. While this technology holds immense potential for positive applications, there is a growing concern about its potential misuse in the wrong hands. When it comes to cybersecurity for businesses and individuals alike, it is important to be aware of the potential threats. Generative AI, if used by malicious actors, can pose an additional threat to both businesses and individuals. In this article, we explore the dark side of generative AI and the ways it could potentially be used maliciously.

Since real estate transactions are a high-value target for scammers, it is crucial to be aware of phishing emails. Many people, when examining an email to determine its legitimacy, look for incorrect grammar or misspelled words; However, if  scammers use Generative A.I. to write their phishing emails, it is possible there will be fewer obvious grammatical errors within the emails. While this can make identifying a phishing email more difficult, it is important to remember what to look for to signify a phishing email.

There is no foolproof way to determine whether an email is legitimate or not; however, being aware of the indicators can help individuals become more vigilant and protect against potential threats. Overall, when evaluating the legitimacy of an email, it is important to exercise critical thinking skills and consider all of the above factors to determine its authenticity. Furthermore, when in doubt of the legitimacy of an email, it never hurts to get the sender on the phone, using a trusted phone number, to confirm whether they sent the email in question.

Generative AI is still in such an early stage of development and there has been rumors of Generative AI companies implementing regulations for their platforms to monitor and prevent malicious use of the AI. While Generative AI presents both an immense potential for positive transformation, it can also be exploited by those with ill intentions. By staying informed, implementing robust security measures, and promoting cyber awareness within your organization, you can mitigate the risks associated with AI generated phishing emails and keep the real estate transactions secure. 

Bluetooth technology is an extremely effective tool that allows users to connect wirelessly to other Bluetooth enabled devices. For those who are unaware, Bluetooth is a technology that enables an exchange of data between devices that are located within a short distance (for most devices, the range is about 30 feet when there are no walls or other obstacles present). Devices that contain Bluetooth technology include smart phones, laptops and desktop computers, vehicles, wireless headphones or speakers, smart watches, and even internet connected devices. Therefore, a user can connect their smartphone to their wireless headphones or speakers to play music or connect their phone to their vehicle to talk on the phone “hands free” while driving. Users can even use Bluetooth technology to share images with another Bluetooth-connected device (on Apple devices, this is commonly referred to as “Air Dropping” and on Samsung phones it is called “Quick Share”). While there are many benefits to utilizing Bluetooth technology, there have been a lot of articles noting security and privacy concerns to be aware of when Bluetooth is left on (or enabled) after a user has ended the connection between devices.

BLUETOOTH HACKING – IS YOUR SOFTWARE UP TO DATE?

 Security researchers are constantly finding new threats to device security.  For example, in 2017 Armis, a security research firm, discovered a Bluetooth vulnerability known as “BlueBorne”. When hackers used the “BlueBorne” to attack a device, they were able to control Bluetooth-enabled devices remotely, which gave them the opportunity to steal data from the device. Additionally, the “BlueBorne” could spread from one phone to another phone, like a virus. This gave hackers the ability to infect more phones without having to physically be within the 30-foot range of each device.  Fortunately, the security research firm was able to create a security patch for devices to prevent the “BlueBorne” attack. A security patch is code for the operating system that fills in the vulnerability to prevent hackers from exploiting the vulnerability.

 As cybersecurity firms identify new vulnerabilities in the Bluetooth software, they create new security patches which are rolled out in updates to the software or devices; however, they are only helpful when users update their software. Therefore, updating the software on Bluetooth enabled devices is crucial to eliminate any known vulnerabilities from being exploited and keep your devices secure.

BLUEJACKING – ARE YOU RECEIVING UNSOLICITED OR PHISHING MESSAGES VIA BLUETOOTH?

 On smart phones and laptops, the Bluetooth setting has the option of being enabled or disabled. When an individual leaves their Bluetooth enabled on their smart phone, they open themselves up to “Bluejacking”. “Bluejacking” is when someone uses a device’s enabled Bluetooth connection to send unsolicited messages. Messages may be a harmless prank from a teenager but could also be a phishing attack. Many people are aware of Phishing emails; however, Phishing messages can be sent via Bluetooth connection. A malicious actor may use “Bluejacking” to send a phishing message to a smart phone or laptop, pretending to be a trusted source, such as a bank, phone company or social media application. The message typically entices the user to click a link that leads either to a website that automatically downloads malware to a device or a fake website designed to look similar to well-known companies and requests the user provide login credentials or other sensitive information.

 To avoid any “Bluejacking” pranks or Phishing messages shared through Bluetooth connection, it is advised that users disable the Bluetooth setting when they have finished using the connection. However, if a user is connecting to Bluetooth devices multiple times per day, it may be tedious to enable and disable the Bluetooth setting before and after using. Alternatively, a user can adjust their device settings to prevent unknown contacts from sharing messages via Bluetooth connection.

IS YOUR DEVICE PAIRED TO A VEHICLE?

 If you connect your smartphone to a vehicle, your phone’s data may be shared with the car. If it is your personal car, it may not be an issue; however, if you connect to a rental car, you want to be aware of the data your phone is sharing with the rental car. Major car-rental companies have no policies to delete sensitive information collected during the trip after you return the car. Your name and navigation history are considered valuable personal information. Using such data, combined with information publicly available on the internet and social media platforms, a malicious actor could track down an individual. Data that could be collected by a vehicle includes your email address, GPS history, phone book, call log and text messages (if hands-free calling and messaging is used), music streaming login, and more.

 Interestingly, thus far, data collected on vehicles has been used to fight crime. One man was able to track down teenagers that took his car for a joy ride, using the phone usernames that were stored in the car’s device list. Alternatively, people with malicious intentions can also use data to track people down. To protect yourself, before returning a rented car AND before selling or trading in your personal car, take the time to delete your personal data from the vehicle. This can be done by going into the system settings or Bluetooth settings and deleting your device from the “paired phones” list; or by restoring the vehicle to the factory settings. If you are having difficulty, the car manual can guide users through unpairing a phone and deleting information.

SHOULD YOU BE CONCERNED ABOUT BLUETOOTH HACKING?

 Generally, most people should not be concerned about Bluetooth hacking. Cybercriminals typically target people with high level security clearance. However, it does not hurt to be extra cautious. IT professionals recommend the following: 

Companies collect personal information from users each time they visit a website, set up an online account, or use internet connected devices; however, most people do not know what kind of personal data is collected. According to Pew Research Center, 79% of Americans believe that have no control over what personal data is collected by companies. While it may seem that way, companies are obligated to explain how they collect and use people's data within their Privacy Policy. Additionally, account privacy and security settings often allow users to choose how their data is collected and used.

For example, when you talk to Amazon's Alexa from your phone, Amazon Echo, or any other smart device, your voice is recorded and saved on Amazon's Cloud until manually deleted and the stored recordings are available for Amazon employees to listen to. Fortunately, Amazon's account privacy settings allow users to delete voice recordings automatically, after a set time period, and prohibit Amazon employees from listening to the saved recordings. All the user has to do is login to their account and change the settings to what they are comfortable with. 

Unfortunately, there are online accounts and mobile applications that require certain personal information in order to access their services. For those companies, the personal information collected is of tremendous value; however, it is up to each individual to decide whether the service they are getting in return is worth the data they must hand over, even when the service is free. 

DATA PRIVACY DAY

Data Privacy Day began in the US in 2008, commemorating the signing of Convention 108 - the first legally binding treaty dealing with privacy and data protection. In 2014, the US Congress adopted S. Res. 337, a non-binding resolution expressing support for designating January 28 "National Data Privacy Day." 

The National Cyber Security Alliance (NCSA) encourages everyone to learn about and understand how to protect their online data. They advise everyone to check the privacy and security settings on every app, account or device and adjust the settings to a level of privacy and security they are comfortable with. It doesn't have to be all at once. They advise starting with the accounts that are used the most frequently, then make a habit of updating one account per week until all of your accounts are updated with the privacy settings of your choice. On the NCSA website there is an in-depth list of common websites and apps with direct links to the account privacy and security settings or to read the company's privacy policy. 

The NCSA also recommends reading a company's Privacy Policy before signing up for an account to get a better understanding of what data is collected and what  they will do with that data. While many people are worried about their privacy online, few will actually read the privacy policies to learn how companies are using their personal information. A survey performed by Deloitte revealed that 90% of consumers accept legal terms and conditions without reading them. The survey also found that more than 81% of consumers feel they have lost control over the way their personal data are collected and used; however, only 13% of consumers said they never share personal information online. In order for users to understand and control how their data is being collected and used, they must learn what they can do to protect their personal information. 

Privacy Awareness for Small Businesses 

For businesses that collect consumer's data, trust is crucial to the consumer relationship. Consumers trust that the personal information they share is protected. While businesses may never knowingly put their consumer's data at risk, lax security practices can jeopardize a company's sensitive data and expose them to threats. Any company that has a website, communicates electronically via email, or stores customer information in an electronic database has a potential risk of getting hacked if the right precautions are not in place. 

Data Privacy Day is an excellent reminder to create, what the NCSA calls a, "Culture of Privacy" at work by teaching all employees what privacy means to your company and the role each person plays in making sure that client and customer's privacy is achieved and maintained. 

The NCSA's website provides a list of resources for small businesses, including: 

A fraudster's income is largely based on defrauding innocent individuals, so like most other careers, the more proficient they become at their "job", the more they earn. Real estate transactions are a huge target because it means a bigger pay day. This is simply a reminder that they are working relentlessly to defraud individuals because their livelihood relies on it. 

Individuals can pay for and implement many forms of cybersecurity defenses such as security software and email spam filters; however, phishing and spoofed emails often get past the defenses and make it to the Inbox. Therefore, it is each person's job to be alert for suspicious activity to keep from becoming the scammer's next victim. 

Spoofed Emails in Real Estate Transactions

In real estate transactions, scammers use phishing emails to compromise an email account of someone involved in a deal to gain access to that person's emails. Once they have access, they can read all of the emails related to the transaction and learn specific details that only those included in the emails would know (i.e. loan amount, closing date, funds needed to close, other parties involved in the transaction, etc.). Next, they will try to impersonate someone in the email thread by creating a similar email address or by forging the "email from" address. This is a process known as spoofing. Spoofed emails are emails from scammers that are made to appear like they are coming from a real person. 

Spoofed emails are more challenging to spot because the messages look like they are actually coming from a known, trusted party. In real estate transactions, scammers will use transaction specific information gained from studying prior emails, to craft spoofed emails that are difficult to identify. When scammers choose who, within the transaction, they want to impersonate, they will study the prior emails written by that person and note any key words and phrases often used. Then, when crafting a spoofed email, they use those same key words and phrases, along with transaction specific details and will even copy that person's email signature to make it seem more legitimate. The scammer's ultimate goal, when sending spoofed emails, is to send fake wire instructions so funds are sent to their account, instead of the account of whomever is handling the settlement. 

When reading about real estate wire fraud victims, many of them have said they had sent a few emails, back and forth with the scammer spoofing emails before receiving fake wire instructions, and they had no idea they were not communicating with the actual person. This is a clear indication that scammers are skilled at spoofing emails and impersonating people. Hence, learning to identify spoofed emails is critical for preventing wire fraud. 

The following are some examples of how you can identify a spoofed email. 

1. Look at the sender's actual email address.

When sending their spoofed emails, scammers often create an email address that is similar to the person they are trying to impersonate by changing a few characters, or using a different domain extensions (such as “.net” or “.org” instead of “.com”) to trick users into thinking the email has come from a friend, colleague, vendor, client or other known party . They may even create a new email account at a public domain (i.e. Gmail, AOL, etc.) by copying the person's full email address (domain and extension included) to make it appear legitimate. The unsuspecting user won't see any spelling errors in the email address and may overlook the domain. Additionally, scammers often add a Display Name to their email which distracts the user from their spoofed email address. 

The Internet of Things (IoT) is a term encompassing everything connected to the internet, but increasingly defines objects that connect. Essentially, an IoT device is any device with an "on/off switch" that connects to the internet, or to another device that uses the internet. Examples include smart phones, smart light bulbs, kitchen appliances, security cameras, wearable devices, industrial manufacturing robots, cars, navigation systems, GPS trackers, and so much more. A February 2020 report found there are 30 billion connected IoT devices on the planet, which is projected to double over the next five years.

Some examples of fitness industry IoT devices include wearable devices, internet-connected cardio machines, and even virtual reality headsets. According to a Statista report, the number of connected wearable devices increased from 326 million in 2016 to 722 million in 2019.  The development and mass production of such devices has changed where and how people get exercise with devices that allow people to get a "gym-like" workout from the comfort of their home and innovative methods that make physical activity fun and engaging.

Wearable Devices

Modern wearable devices were first introduced in 1965, the Manpo-kei pedometer which translates to "10,000 steps meter" along with research that stated 10,000 steps per day along with the proper caloric intake, was the key to maintain a healthy body. In the 1980s, Polar watches introduced the wireless heart rate monitor.  Today, wearable devices can track much more than just an individual's step count and heart rate. Some of the more advanced devices are able to detect body temperature, activity level, speed, calories burned, distance traveled, changes in elevation and sleep patterns. Sensors for collecting data have been added to various wearable objects transforming them into a data-tracking device, such as bracelets, rings, anklets, clip-on devices, and sneakers.

Wearable fitness tracking devices typically connect to a smart phone and share the collected data with its mobile application counterpart. Within the mobile application, the user can create an account where their data is stored and they can set personal goals for themselves. Mobile applications can include a journal of daily activity or charts of their collected data over a period of time, allowing users to identify when they are making progress towards their goals. Some wearable device’s mobile application allows users to share their fitness analytics with others, adding a social component that can be used to compete with friends and family. Data collected on wearable devices can also be shared with other applications such as apps that host virtual races or virtual fitness events and challenges. 

Smart Cardio Machines

Cardio machines have progressively advanced into internet-connected machines with touch screens, interactive interfaces, and user accounts. By setting up an account on a smart machine, the user's data is collected by the machine's built in sensors and saved to their account. The user can then login to their account on any other machine, of that brand, and their data is always stored to their account. Some cardio machines with built in screens give the user the choice of viewing a scenic route as they workout, giving them the illusion of running or biking through different parts the world. 

Additionally, many companies have developed subscription based applications that utilize live streaming technology or on-demand streaming, allowing people to participate in a fitness class from the comfort of their home. While a streaming app is not an IoT device, companies have implemented their applications into devices that connect to the internet, including, stationary bikes, treadmills, ellipticals and even rowing machines.

Virtual Reality Workouts

With the rise of virtual reality (VR) technology, an individual can engage in physical activity with a VR gaming headset, such as the Sony's PlayStation VR or the Oculus Quest. Utilizing the VR headset and controls held in each hand, a person becomes immersed in a computer-generated world that responds to the movement of sensors located in the headset and hand controllers, allowing them to interact with their virtual environment. Some of the games created for VR technology include dancing, boxing, racquetball, and rock climbing, which require the user to dance or move around as if they were actually in the ring, on the court or scaling the side of a mountain.

For the many people who enjoy gaming, the VR headset gets them off of the couch and into a simulated world, where they have to physically move around in order to progress through the game. Many of the games require the player to move laterally, jump or squat to avoid an object that is headed toward them, or swing their arms around, using motions comparable to a tennis swing, to engage with an object or another character in the game. While these types of games may not be considered “fitness” by a regular gym-goer, they certainly increase an individual’s  physical activity, especially when the alternative for that individual is sitting on the couch and playing a video game. 

Privacy and Security

IoT fitness devices have changed the fitness industry, empowering people to track their activity and find alternative ways to get active. However, as with any internet connected device, it is essential to be aware of the IoT device’s security and privacy settings. Wearable fitness tracking devices store basic personal health information. When such information is collected at a doctor’s office or hospital it is protected by the Health Insurance Portability and Accountability Act (HIPAA); however, HIPAA does not extend its protections to health data accumulated by personal fitness tracking devices. While basic health information may not seem like much of a privacy concern, when wearable devices are used for long periods of time, the information collected begins to paint accurate picture of an person’s health, lifestyle, habits, and identity.

Fortunately, companies are building strong security measures into the devices, making the actual device difficult to hack. However, security weaknesses typically occur when user profiles within the device's corresponding mobile applications are not secured with strong unique passwords. Easy-to-guess passwords give hackers the ability to compromise a user's account. Therefore, when creating a password for your health mobile application, it is imperative to make it unique from other account passwords, and utilize a combination of upper and lower case characters, a number, and special character (i.e. !, @, #, &, *, ?, etc.). Additionally, enabling multi-factor authentication, if available, improves account security significantly.

Privacy is a major concern for a many people. While the IoT devices may be secure, and the user’s password may be strong and unique, to ensure the information stored within the account remains private, it is important to read the company’s privacy policy. While the data accumulated from fitness tracking devices alone pose no great risk to an individual’s privacy, when the data is associated with other information, there are greater privacy implications if the data is misused or shared with third parties.

IoT devices in the fitness industry are innovative and offer people new approaches to work out, giving them the freedom to get active outside of a gym. Plus, detailed tracking of various metrics, keep people informed of their progress overtime. The benefits of such devices outweigh the risk of security and privacy, when the user is informed of the privacy policy and settings and actively securing their user accounts.