Sports teams are built on various things: passion, teamwork, and competition. But these things have something in common. Technology is all necessary to ensure that they can function properly. Digital ticket apps, player performances, and front office communications all use technology on and off the field of play. This connectivity brings about huge opportunities. However, this connectivity can bring about a lot of opportunities for cybercriminals to attack professional sports franchises.

Globally, recognized franchises are all on the radar of cybercriminals. This is not just a computer problem. These attacks can disrupt business and management operations, endanger sensitive information within an organization, damage reputations, impact game day experiences, and affect the safety of players, staff, and fans. Comprehensive cybersecurity policies are no longer optional for sports teams and this is why. They have become essential to ensure that the chance of a cyber attack is limited.

Organizations within sports handle an enormous amount of sensitive information. For example, in hockey, you rarely learn the real injury. Likely, fans and outsiders will hear it is an “upper” or “lower” body injury. What would happen if the real terms of the injury came out? Medical and performance data, scouting reports, financial records, large statistics and information about fans, internal messaging, and other sensitive information is what these organizations aim to protect. A simple ransomware attack could easily shut down stadium and ticketing operations. Perhaps an employee receives a phishing email that could trick anyone. Simply clicking on it could leak credentials and secret information to the cybercriminal. Even a social media account being hacked could damage the reputation of a team forever. The sports world has changed from just being on the physical field to on the cybersecurity field.

Now, cybersecurity is more than just software and firewalls. Also, it is just as much about the people. The most advanced systems in the world can fail at any time. Sometimes, it is up to the average person to protect themselves from these online threats. “Cyber hygiene” is known as the practice of maintaining healthy habits online. This can be compared to an athlete’s physical conditioning. Tiny, yet consistent actions can allow you to stay healthy in the digital world.

For example, a good and healthy habit to have is creating unique, and specifically strong passwords. Using common passwords or repeating the same one you use on either platform is simply not safe. This is because a breach on one site can lead to a breach on the other if you use this same password. Additionally, multi-factor authentication adds another level of protection to your online presence. This additional step of verification such as a mobile code ensures that accounts may stay safe, even if one’s password is leaked or compromised. 

Furthermore, being aware of phishing scams is extremely critical. Cybercriminals will often send simple emails or texts that seem innocent. They appear to come from popular companies that you likely know. Maybe it’s the company that created your favorite game, or your favorite store, or a fake text from someone you know. No matter what method they use, they will likely request sensitive information. This should immediately cause alarm in your head. You should verify that these suspicious messages are through the official channels instead of directly responding to the message you received. This will prevent major damage.

Another important element of cyber hygiene can involve protecting personal devices. Coaches and players often rely on smartphones or tablets for communication on and off the field. If you turn on a football game, players on the bench are often using tablets to review and analyze their play. These devices likely use updated software, automatic security patches, and lock screens that deny or prevent unauthorized access. If even just one of these devices is left open and unattended, anyone can take them and reveal significant data.

Public Wi-Fi may also present different risks. Professional sports teams often travel to airports and then to hotels. These common stops have public networks that the players and staff may connect to. But these may lead to them being vulnerable to attacks. If possible, sensitive activity should be avoided when connecting to Wi-Fi available to the public. Try to use mobile data or a trust and secure connection. 

Social media is something that everyone has. Having awareness on social media is only something some people have. A harmless post of a player’s location, the team facilities, or personal details are something cybercriminals love to see and hear. Think before you post. It can protect you and others around you from harm over the internet. 

A winning culture online leads to a winning culture on the playing field. Having leadership, training, and a great culture on the field leads to success. This is the same with cybersecurity. If you have someone who leads the online portion of work with great care, you will have success. A trained mind is on the internet, it can limit the chance of cyber attacks. And having a great culture of not spreading private information on social media helps to maintain that amazing culture. These aspects allow people’s jobs to be a lot easier, whether online or not.

Overall, cybersecurity is about trust. Fans trust organizations with their information. Players trust management to control how much the public knows about their finances and personal data. Management trusts the operations can run smoothly without worry on gameday. Technology continues to shape the world. Having good cyber hygiene allows many sports franchises to stay safe on the internet. If you maintain your own cyber hygiene, you can stay safe as well.

The post When the Biggest Opponent Isn’t on the Field: Cyber Threats in Sports appeared first on Berkeley Varitronics Systems.

In the world of financial crimes, the game has changed—and you may not even know it. While you rely on surface-level tips from a few years ago, cybercriminals are using advanced, undetectable technology to steal your financial data. And unless you’re using a tool like Skim Scan, you’re just playing into their hands.

The Invisible Threat: Deep Insert Skimmers

Forget those chunky skimmers attached to the outside of a card reader. Today’s criminals don’t leave evidence so easily. They’ve moved on to deep insert skimmers—razor-thin devices designed to fit snugly inside the actual card reader slot. They sit beyond your line of sight, silently capturing your card data with military precision.

These skimmers can’t be dislodged with a jiggle, shaken loose, or spotted with the naked eye. In fact, trying to rely on movement or visible cues is not only outdated—it gives you false confidence. Specialized tools like Skim Scan allow authorities to move quickly from pump to pump or ATM to ATM checking for skimmers all day.

“There’s no other way to detect deep-insert skimmers,” said Captain Jeff Roberts with the Texas Financial Crimes Intelligence Center. 

The Deception of Inspection Stickers

See that inspection sticker? Many people treat it like a seal of approval, a sign that no tampering has occurred. But here’s the ugly truth: criminals can buy authentic-looking inspection stickers on the dark web. In seconds, they can re-seal a compromised reader to appear untouched, fooling even the most cautious user.

Some stickers are even printed with barcodes and holograms, making them indistinguishable from legitimate ones. So while you’re trusting a sticker, they’re skimming your savings.

Printing Fraudulent Card Readers

Have you ever looked closely at most card swipers at the checkout counter? They all have similar components: screen, keypad and a place to swipe your card. But how do you know it’s really real? Plastic bezels can be mass produced or 3D printed by criminals and placed overtop legitimate bezels in seconds. All transactions go through without issue and the consumer, business owner and checkout cashier are all none the wiser. Can you spot the fake ones without yanking off a keypad overlay? Skim Swipe checks for hidden skimmers as fast as you can swipe a card.

Enter Skim Scan: Your First Line of Defense

To fight a hidden threat, you need an advanced detection tool. Skim Scan is designed specifically to detect deep insert skimmers—the kind you’ll never see or feel. It doesn’t rely on guesswork or visual inspection. Instead, it uses precise scanning technology to locate unauthorized hardware inside the reader itself.

ATM operators, gas station owners, and financial institutions that deploy Skim Scan are one step ahead of the criminals. They’re not just hoping for the best—they’re actively scanning for threats, preventing fraud before it happens, and protecting the financial data of their customers in real time.

Why the Old Tricks Fail—and Could Cost You

Every time you rely on an outdated method—like jiggling the bezel or eyeballing a sticker—you’re taking a gamble. Modern financial fraudsters are tech-savvy, well-funded, and relentless. They don’t just place a device and leave—they update their methods constantly, making yesterday’s security tip useless today.

By the time you notice fraud on your bank statement, it’s too late.

The Bottom Line: Don’t Trust What You Can’t See

The most dangerous threats are the ones that go unseen. And in the high-stakes world of financial crime, trusting your eyes—or your instincts—isn’t enough. You need tools built for the fight. You need Skim Scan.

Because in a world where skimmers are invisible, only proactive detection can keep you—and your money—safe.

The post The Skimmer You’ll Never See: Why Outdated Tricks Won’t Protect Your Wallet appeared first on Berkeley Varitronics Systems.

A Soft Target: Magnetic Stripe SNAP Cards

EBT cards, issued to millions of low-income Americans to help them purchase food and basic necessities, currently function like traditional debit cards—most lacking chip or tap-to-pay capabilities. Instead, they rely on the vulnerable magnetic stripe technology that stores unencrypted Track 2 data. When swiped, this data can be easily intercepted and copied. Combine that with a PIN code, and criminals have everything they need to drain a SNAP account.

The method of attack? Skimming.

How Skimming Works—and Why It’s So Effective

Criminals exploit two common vectors:

1. POS Overlay Skimmers – Fraudsters place fake devices over legitimate point-of-sale (POS) card readers in SNAP-authorized stores. These overlays often include a phony keypad to steal the user’s PIN as it’s typed as well as garnish the card information when they swipe thru the reader.
2. ATM Deep Insert Skimmers – At ATMs dispensing EBT cash assistance, attackers insert tiny internal skimming devices that read card data directly from the magnetic stripe, while a hidden camera or keypad overlay captures the user’s PIN.

Once criminals obtain the Track 2 data and PIN, they clone the card and empty accounts—often before victims even realize they’ve been targeted. Since the federal Electronic Funds Transfer Act (EFTA) and Regulation E exclude EBT users, victims have little to no legal protection or financial recourse.

The Human Cost of Technological Neglect

The fallout is devastating. In March 2025 alone, more than $700,000 in SNAP benefits were stolen from EBT accounts in Rhode Island through skimming attacks. Roughly 1,800 recipients were affected—many of them children, families, and seniors. The consequences ripple outward: food insecurity, lost revenue for local grocers, and increased strain on community food banks and support organizations.

Despite having access to $84 million in unused TANF block grant funds—some of which could reimburse SNAP skimming victims with children—Rhode Island has yet to allocate any of those resources. Nor has the state taken action to convert to more secure chip and tap cards, despite federal matching funds covering half the cost.

An April 2025 InvestigateTV investigation found that fraudsters using skimming methods drained EBT accounts in under 2 minutes after deposits — targeting multiple states in rapid succession.

As one mother described, “They drained my EBT card in two minutes… left me with nothing.” 

Other States Are Stepping Up—Why Isn’t Everyone?

California began issuing chip-enabled EBT cards in January 2025. Maryland, New Jersey, Alabama, and Oklahoma are actively following suit. The cost to fully convert Rhode Island’s cards is estimated at $3.6 million—just $1.8 million from the state budget after federal matching. Yet, the FY2026 budget makes no mention of such an allocation, leaving thousands of vulnerable residents exposed.

The U.S. Department of Agriculture’s Food and Nutrition Service (FNS) has strongly recommended the transition to chip and tap technology. This method encrypts card data during transactions and is virtually immune to traditional skimming techniques.

Technology Exists to Combat Skimming—So Use It

In late May 2025, the U.S. Secret Service led a multi-agency effort in North Carolina, inspecting over 1,700 ATMs and POS terminals. They removed 17 skimmers—a potential $5.1 million loss averted—highlighting EBT cards as prime targets due to their outdated magnetic stripes. While this dragnet was effective, it only involved one state while using a lot of resources. Dedicated tools are required to increase the effectiveness of such efforts to benefit the entire country:

• Skim Swipe: A handheld tool designed to detect rogue POS overlays and compromised payment terminals by analyzing electromagnetic anomalies in real time. Retailers and inspectors can use this device to identify tampered readers before they are used by SNAP recipients.
• Skim Scam: A compact deep-insert skimmer detector developed specifically for ATM technicians and field agents. It can identify the presence of unauthorized devices embedded within card slots—vital for high-risk EBT ATMs.

These tools empower law enforcement, retailers and state agencies to conduct regular sweeps and audits of SNAP payment points, adding a crucial layer of defense while awaiting a system-wide upgrade. 

Time to Act: Protect the Most Vulnerable

The refusal to modernize SNAP EBT cards isn’t just a bureaucratic oversight—it’s a systemic failure with real-world consequences. While wealthier Americans benefit from fraud protection laws and advanced payment tech, low-income families are expected to navigate a minefield of cyberthreats with no armor.

States like Rhode Island and many others have the funds. The technology is proven. The need is urgent.

It’s time to phase out magnetic stripe EBT cards. Children should not go hungry because their state failed to keep up with 21st-century fraud prevention.

The post SNAP Vulnerabilities: How Magnetic Stripe EBT Cards Fuel a Cybercrime Epidemic appeared first on Berkeley Varitronics Systems.

In today’s hyper-connected world, where convenience and connectivity dominate both personal and professional spaces, personal electronic devices (PEDs) such as AirPods, smartphones, smart tags, and IoT gadgets have become part of our daily routine. While these devices provide productivity and ease of access in everyday life, they also pose serious security threats when introduced into environments designed to handle sensitive or classified information.

Sensitive Compartmented Information Facilities (SCIFs) and secure data centers exist to protect national secrets, critical infrastructure data, intellectual property, and confidential communications. Unfortunately, these highly protected zones are vulnerable to the silent and often underestimated threat posed by modern PEDs. What appears to be a harmless accessory—like a Bluetooth earbud—can actually be a covert surveillance tool, a wireless exfiltration device, or even a location-tracking beacon. This threat is not theoretical; it is real, growing, and requires immediate and proactive countermeasures.

SCIFs are meant to be airtight information vaults. Yet even the most secure facilities face insider risks—contractors, employees, or visitors unintentionally (or maliciously) carrying devices that can transmit wireless signals or record sensitive conversations. AirPods and similar Bluetooth-enabled devices are particularly concerning. These products contain built-in microphones that, if hijacked by malware, can secretly record and transmit audio. They also maintain Bluetooth Low Energy (BLE) connections that can facilitate data leakage, even when the devices seem dormant. In some cases, they remain invisibly connected to smartphones or tablets nearby, forming a covert link to the outside world. A June 2025 study demonstrated that smartwatches can be used to exfiltrate data from air‑gapped systems via ultrasonic channels.

Lawmakers warn of mobile phone threats in SCIFs as well. A CyberScoop article reported concerns from a bipartisan pair of lawmakers about mobile phones entering SCIFs—prompting the Senate Sergeant at Arms to track breaches. One representative recounted his phone returning from Eastern Europe with Russian malware, forcing a full wipe of the device.

Another growing concern is the rise of location-tracking tags such as Apple AirTags and Tile devices. These small gadgets continuously emit BLE signals and are commonly used for asset tracking. However, they can be exploited to track personnel, map facility layouts, or monitor patterns of movement within restricted zones. Malicious actors can discreetly place one of these tags near or on a target and gain real-time intelligence without ever setting foot inside a secure facility.

Wi-Fi and cellular-enabled devices like smartphones, tablets, and smartwatches introduce additional risk. These devices often operate across multiple frequencies, including 2.4 GHz, 5 GHz, and sub-6 GHz bands, and are capable of connecting to rogue access points or cellular networks. Even innocuous devices like fitness trackers can open side channels for information leakage via passive syncing or unauthorized data transfers.

Wearables devices such as Apple Watches are also slipping into SCIFs. Even well‑meaning cleared professionals have triggered violations simply by forgetting to remove them. An industry article highlighted how military and cleared personnel frequently enter secure zones with Apple Watches inadvertently—triggering security violations.

Thankfully, the threat posed by PEDs has not gone unnoticed at the highest levels of government and defense. A series of federal directives and compliance requirements have been enacted to mitigate these risks. The Intelligence Community Directive 705 (ICD 705) sets the physical and technical standards for SCIFs, explicitly prohibiting unauthorized PEDs and requiring strict control and monitoring of all wireless activity. The Department of Defense Manual 5200.01 reinforces the need for Technical Surveillance Countermeasures (TSCM) to detect and eliminate any devices capable of emitting or receiving unauthorized signals. Moreover, emission security guidelines from the Committee on National Security Systems (CNSS) emphasize the need to control even unintentional RF emissions, which can be just as dangerous.

These regulations make one point abundantly clear: It is not enough to ban devices by policy alone. Facilities must actively monitor, detect, and neutralize unauthorized transmissions. Security isn’t just about locking doors; it’s about being aware of what’s happening in the invisible RF spectrum all around us.

Unfortunately, ignorance isn’t a valid defense. A contractor walking into a SCIF with active AirPods or a synced smartwatch—whether knowingly or not—represents a breach. Whether data is actually leaked or not, the violation of protocol is grounds for investigation and could open the door to catastrophic losses.

This is why proactive wireless monitoring is not just useful—it’s essential. Enter the Yorkie-Pro and WallHound-Pro from Berkeley Varitronics Systems, two purpose-built tools that empower security teams to detect, identify, and respond to threats from PEDs before damage is done.

The Yorkie-Pro is a portable RF detection device that scans for Wi-Fi, Bluetooth (both BLE and classic), and cellular signals. It acts like a digital bloodhound, pinpointing the exact location of unauthorized devices using direction-finding antennas and real-time signal analysis. It doesn’t just tell you that something is wrong—it tells you where and what it is. Whether you’re conducting a routine sweep of a SCIF or investigating a suspected leak, the Yorkie-Pro provides the actionable intelligence needed to secure the environment.

On the other hand, the WallHound-Pro is designed for real-time, automated detection. Installed at entry points or high-security areas, it continuously monitors for rogue devices. When a prohibited device is detected—whether it’s BLE from a smart tag, a cellular ping from a smartwatch, or Wi-Fi emissions from a mobile hotspot—it triggers audible and visual alerts. This instant feedback allows staff to intervene immediately, preventing unauthorized devices from entering sensitive areas.

To understand the impact of these tools, imagine a scenario in which an employee unknowingly walks into a SCIF with a smartwatch still connected to their phone. That BLE connection is a live transmission that violates SCIF policy. Without monitoring tools, the violation goes undetected. But with WallHound-Pro at the door, an alert is triggered. Security staff are notified, and the device is removed before it poses a threat. Multiply this situation across hundreds of entries per day, and the value of real-time detection becomes undeniable.

In today’s threat landscape, where even the smallest device can be weaponized to steal secrets or disrupt operations, vigilance is not optional. It’s imperative. Policies are a starting point, but they must be enforced with visibility and actionable intelligence. The threats are evolving. So too must our defenses.

Tools like the Yorkie-Pro and WallHound-Pro don’t just fill a gap—they establish a new standard for proactive security. They offer SCIF managers, IT teams, and security professionals a reliable way to enforce compliance, mitigate risk, and protect what matters most.

In high-security environments, you don’t get a second chance. Once data is lost, there’s no getting it back. Don’t leave security to chance—monitor, detect, and act before it’s too late.

Want to see how these tools can protect your facility? Contact Berkeley Varitronics Systems today for a live demo at 732-548-3737 or sales@bvsystems.com.

The post PEDs: The Silent Threat to SCIFs and Secure Data Centers — And How to Fight Back appeared first on Berkeley Varitronics Systems.

If this most recent presidential election has taught us anything about national priorities, it has told us that border security is atop that list. President Trump’s mass deportation and aggressive ICE tactics may be getting all the headlines lately, but I’m more concerned about border security behind the scenes. Our ports of maritime gateways and Ports of Entry (POE) face major challenges not just from illegal migrants, but from an assortment of illicit substances and items also brought across the border.

The good news is that deadly substances like fentanyl are actually in decline crossing our border in 2025. The bad news is that more than 90% of interdicted fentanyl is stopped at POEs, where cartels attempt to smuggle it primarily in vehicles driven by U.S. citizens. If the vast majority of illegal drugs are being muled or driven across borders by U.S. citizens, just imagine all the other illegal substances that are not being seized due to the false assumption that undocumented illegals are responsible for the bulk of illicit items. We need better methods to enforce our borders. We need a technological edge.

According to Fox News, “Pending completion of investigation and risk mitigation, all Agents will stand down the use of their BWCs [body worn cameras] until further notice,” Reports found on Reddit claim that anyone with a smartphone can detect the Bluetooth used by agents wearing bodycams to successfully navigate through weakspots in the border security. But the wireless woes don’t stop there.

Maritime ports serve as critical nodes in the global supply chain, facilitating the movement of goods across continents. In 2024, DP World’s ports alone handled a record 88.3 million twenty-foot equivalent units (TEUs), marking an 8.3% increase from the previous year . The Port of Los Angeles, the busiest in the United States, processed over 10 million TEUs in the same year . However, the sheer volume of container traffic presents significant challenges in ensuring the security and legality of goods transported. With thousands of containers stacked high and the demand for imports to be immediately shipped out across the U.S., it’s hard to imagine any thorough searches for contraband to be executed according to The Wall Street Journal.

A growing concern in maritime security is the use of GPS and Bluetooth Low Energy (BLE) trackers, such as Apple AirTags, Samsung SmartTags, and Tile devices, to monitor shipments illicitly. These small, inexpensive devices can be discreetly hidden within cargo, enabling unauthorized tracking of containers. Such practices can facilitate the theft of goods, unauthorized surveillance, and the circumvention of customs regulations. However, tools are being introduced to detect an assortment of wireless hackers, contraband and illegal tracking.

In recent years, we’ve seen a steep rise in tracking technology. From tiny GPS trackers to Apple’s AirTags, consumers and industry sectors have all benefitted from cheap, ubiquitous technology that allows tracking of items around the world for little to no cost at all. Our borders and citizens depend upon US military, border and defense agencies to stay on top of the latest threats with high tech countermeasures. As POEs and border security issues continue to drive elections, budgets and technology, we will continue to see more stories of contraband crossing our borders. The only way to ensure border security is to arm agents with technology and training to effectively locate illegal items and undocumented immigrants.

The post Securing Our Ports of Entry appeared first on Berkeley Varitronics Systems.

Cybersecurity expert and BVS, Inc. CEO, Scott Schober, bags another hidden skimmer into evidence

Massive Ponzi schemes created by the likes of a Bernie Madoff or Sam Bankman Fried get all the attention. They rake in greedy or gullible investors and depending upon their positioning within the pyramid, stand to make a lot of money or lose their shirts. It’s certainly a grift predicated on betting big in order to win big. But there’s another, smaller ongoing grift that affects all of us. Some of us in small ways and some in big ways.

According to FICO, debit card skimming increased by 700+% in the first half of 2022 and 70% of fraud cases in the U.S. are tied to skimmers in CA, NY, PA, FL, and WA. Skimming is a multi-billion dollar crime and these large numbers don’t even take into account all of the collateral damage that stems from the ensuing identity theft and credit fraud down the line. Card skimming is essentially an extra card reader secretly inserted into any normal looking ATM, gas pump or vending machine. It allows the customer to make their transaction seamlessly while also stealing their card and personal data.

If you’ve ever gotten alerts from your bank detailing possible fraudulent charges, there’s a good chance that your card has been recently skimmed. And even if you’re lucky enough to not have had your accounts drained, you still face the major inconvenience of waiting for a new card to be issued to you only after a series of unnerving questions surrounding your recent purchases. Of course, you also face the distinct possibility of identity and monetary theft if you fail to freeze your credit in time. So am I just trying to scare you into a defensive posture right now or do I have a point to this lecture?

One point I would like to make is that the good guys are on the case. The public is regularly reminded to check for suspicious alterations made to gas pump and ATM card slots and keypad overlays. Skimmer alerts are regularly issued to service stations or banks that fall into an epicenter of fraudulent activity, particularly when an actual skimmer is discovered. Skimmer fraud task forces are also on the case, but is this enough? We don’t think so which is why my company has entered into the card skimmer detection game. We sold hundreds of Skim Scan™ skimmer detectors to retail centers, credit unions and fuel stations across the country and we’re just getting started. Unlike other anti-skimming solutions, our skimmer detectors require no hardware modifications, can be operated by anyone, and only takes a few seconds to detect a hidden skimmer without the need to open up every machine for thorough inspections.

My company is really a wireless security company at its heart, so we have also introduced BT (Bluetooth) skimmer detection products which have become a growing concern. A BT skimmer can be hidden deep inside a payment terminal. It behaves like any other card skimmer but transmits all stolen card credentials wirelessly to a nearby cyber thief. The risk of getting caught while trying to retrieve stolen data wirelessly is next to none. This quick turnaround allows thieves to steal credentials and create an army of cloned cards all in the same day. These cards are then dispersed around the area to withdraw large but controlled sums of cash from victims’ accounts so as not to arouse too much suspicion among account holders, banks or law enforcement. According to studies, the average card skimming event captures 185 cards and the average skimmed card will generate $2,000 in fraudulent charges before being detected. Some simple math tells us that a single skimmer can generate around $370,000 of stolen cash. But the thieves aren’t finished yet. They go on to sell all of those stolen card credentials on the Dark Web. They package thousands of stolen cards into bundles and sell them to an assortment of criminals and Dark Web bottom-dwellers.

But haven’t modernized chip and pin cards put an end to card skimming? Not really. Old fashioned magnetic stripe cards have always been easy to skim and clone. And most modern chip card readers in the U.S. continue to support mag stripe cards so we are left with a self-perpetuating system of fraud that exists so long as consumers aren’t incentivized to update their card technology and retailers and banks aren’t incentivized to update their card reader technology. And on top of all of that, card shimmers have emerged.

A shimmer is simply a duplicate chip reader hidden inside a card reader that can capture data stored on the microchips stored in any EMV-compliant credit or debit cards. So the old guard of pitifully secured mag stripe card readers are slowly being replaced by the new guard of advanced EMV chip cards and readers that have already been hacked by advanced shimmers. There’s not too much good news to go around except that companies like ours are working with law enforcement on a detection solution and should have something to bring to market in 2024. In the meantime, keep a watchful eye on both your surroundings and the ATM or fuel pump right in front of you next time you are getting cash or paying at the pump. It could save you a major headache and lots of money.

This blog originally appeared in The Beverly Hills Times Magazine.

The post Behind the Great Skim appeared first on Berkeley Varitronics Systems.

As an average sized male, I have come to realize that I take many things for granted. After speaking to my wife and daughter, it has become alarmingly clear that my personal safety is clearly one of those things. I don’t worry about walking alone at night and I don’t have to have my keys, flashlight and pepper spray handy as I approach my door. As a wireless tech expert, inventor and CEO of my own wireless security company, I am painfully aware of the problems associated with a new breed of low-cost, personal trackers being used to track more than just personal belongings. People are being increasingly stalked, robbed and assaulted thanks in part to technology we all use.

It’s no secret that tech companies like Google and Facebook track our every move. It’s just a part of consumerism in modern digital life so it’s consensual – consumers give up a degree of personal privacy in exchange for services that connect us all. These services are mostly bankrolled by advertisers and retailers looking to find new customers. But what happens when individual users are able to do the tracking instead of advertisers?

Stalking goes way back so you would think that by now, people would have a clear understanding of the patterns, perpetrators and causes behind it all but that doesn’t seem to be the case. National Stalking Awareness Month has been publicly observed since 2004, but some of the statistics they publish continue to be stark reminders that not only is this problem not going away, this problem is growing due to advances in wireless technology.

I met with my engineers and we came up with a product solution that addressed the problem but at 1/12th the price of our best-selling professional solution. After a few moments of worrying about cannibalizing our own profits, we decided to take the leap and go for it. But we weren’t just breaking with our own business model by offering the cheapest product we’ve ever made to a market that we’ve never even served before. We also decided to crowdfund some of our R&D using Kickstarter. Sure we’ve designed many products based upon customer feedback over the years, but we’ve never taken their money until the finished product shipped. Kickstarter was an entirely new paradigm for an old school business like mine. I might run a wireless tech company but it’s a 50 year  old one!

BlueSleuth-Lite was first conceived only a few months ago but we’ve been detecting bluetooth and BLE (Bluetooth Low Energy) devices now for years using our BlueSleuth and BlueSleuth-Pro products. The device had to be small enough to fit comfortably into a pocket but also operate in that pocket all day without losing power. In order to keep the price down, we used LCD displays, components and interface buttons we had used in previous products. However, we did design our first wireless charging system integrated directly into BlueSleuth-Lite to give it that consumer experience one might expect. Once we perfected the algorithms and features, BlueSleuth-Lite was ready for the world of Kickstarter.

As I write, our Kickstarter campaign is roughly half way through and we are also half way to our funding goal. With Kickstarter, it’s all or nothing so it’s too close to call right now. Regardless of the outcome, my mission remains the same; protect people’s privacy and security through wireless solutions. Based upon estimates that wireless devices will grow to 3x the world population sometime this year, I’d say I have my work cut out for me.

Please check out the BlueSleuth-Lite Kickstarter here and watch the video for more details on how stalking is made easier through ubiquitous technology we all use.

The post Stalking has never been easier so let’s change that appeared first on Berkeley Varitronics Systems.

Trust can be a hard thing to come by in this world but in the world of cybersecurity, trust is virtually non-existent, or at least it should be. VPNs got us all from crawling to walking in the early days of the internet, but security needs have outpaced VPNs’ abilities to deliver true security and privacy for users and organizations so we now look to more advanced solutions to keep us cybersafe.

Back in 1996, a Microsoft, Ascend and 3Com developed the peer-to-peer tunneling protocol or PPTP. PPTP was created in order to ensure a more secure and private connection between the user and the internet. As the internet rapidly expanded, so did viruses, malware and a plethora of attacks targeting end users and even their networks. It became clear that not only a more secure method of connection was in order but also a more convenient one too. In the early 2000s, internet users were becoming increasingly on-the-go and required the ability to connect remotely to a private network over a public connection.

This called for a standard that not only maintained privacy through encryption but also prevented malware all while affording users the ability to connect to their sensitive data from anywhere in the world. VPNs or Virtual Private Networks were born out of necessity for businesses to keep their data safe while employees accessed these private networks.

Unlike the original PPTP protocol, VPN allows many users and devices simultaneous access to private networks across a very public internet. This is accomplished using a three-layered approach involving tunneling, authentication and encryption. This was sufficient for its time, but the internet has exploded in use since the early 2000s and not just by business users.

Billions of internet users including consumers, journalists and gamers regularly connect using VPNs but the same convenience that allows them to connect from anywhere using any device also carries risks that stem from traffic that VPNs were never designed to handle. The rise of cloud computing among all internet users has revealed cracks in the surface of these networks that VPNs worked so hard to conceal and remediate.

Many free VPNs collect vast amounts data on their users that they then turn around and sell to advertisers. And while encrypted VPN data cannot be read by your internet service provider, they can determine that you are using a VPN and even the nature of the encrypted data since it all passes through their pipes. This can become an issue for users who are bound by agreements restricting internet use outside their own country for something as harmless as streaming a show on Netflix to something as serious as reporting human rights violations from within China.

The final nail in the coffin of VPN came in early 2020. The COVID-19 pandemic changed so many things about our daily lives especially remote working. Seemingly overnight, the remote workforce went from roughly 6% to over one-third of workers. Flexible remote work opportunities exploded during the pandemic so much so that many bosses and companies have resigned to the fact that many of these workers will never be stepping foot into their employers’ offices again. Many other companies have adopted hybrid-remote policies in an attempt to keep an eye on employees while also affording them work-from-home independence. Unfortunately, all of these approaches collectively expand an ever-increasing attack surface that VPNs were not designed to handle.

Zero Trust Network Access or ZTNA isn’t a new concept, but security providers have been quick to adopt it due to urgent needs both during and post-pandemic. The essential difference between ZTNA solutions and VPNs is that ZTNA models utilize a “never trust, always verify” approach to each user before granting access. If we liken users and data to a two-way spigot extending off a giant network barrel, ZTNA offers unlimited spigots (one for each user) while VPN offers just one giant spigot for everyone. Zero Trust, as implied by the name, not only requires robust authentication but also segments users with granular access to specific apps. This limits their exposure to the network and minimizes risks to all users and networks.  ZTNA is implemented with the security designed around users so when employees are connected both your network and your employees are protected.

And since ZTNA is a cloud-based solution, it scales globally all while implementing posture checks before connecting devices, privatizing user access with multi-factor authentication and allows user and network management all from a single platform. Due to the physicality of VPN firewalls, similar scalability is more expensive, more time consuming and decidedly less secure.

ZTNA providers allow any organization a flexible, 360-degree view of all access and security. See all the benefits of ZTNA vs On-Premises Firewall VPN for the Remote Workspace so you can keep your organization cybersafe.

This blog was sponsored by Perimeter 81

The post Death of the VPN: A Security Eulogy appeared first on Berkeley Varitronics Systems.

FCC Commissioner @BrendanCarrFCC just threw down the data protection gauntlet via Twitter regarding TikTok’s Chinese ownership and data privacy practices (and deceptions). Is this a real attempt to bolster the data privacy of US citizens or just a misguided distraction? And given recent U.S. Supreme Court rulings, is TikTok’s data harvesting any more dangerous to our privacy rights than our own government?

The TikTok threat narrative goes back to the tail end of the Trump administration. Shortly after a Trump political rally was derailed via TikTok activists and then mocked all over social media due to low attendance, the Trump administration decided to put the popular social network in its sights. This was to be the latest ban of a Chinese government owned company that operated in the U.S. following the bans of Chinese telecom giants Huawei and ZTE. These threats were never officially carried out in the U.S. but Canada and Australia have also begun efforts to make similar bans.

You may recall some of the confusion that first made headlines after Trump signed an executive order banning TikTok. A federal judge struck down the Trump administration’s efforts to ban TikTok, but from there followed a dizzying array of rumors involving potential U.S. companies such as Oracle that could house TikTok data or companies such as Microsoft that could simply buy TikTok itself. This Wikipedia page offers more details on the controversy than this blog could ever contain.

Now with a few more countries joining the fray, U.S. FCC Commissioner, Brendan Carr has chimed in with his inflammatory tweets about TikTok’s nefarious data practices and his concerns are not unwarranted. “TikTok doesn’t just see its users dance videos,” he tweeted. Carr posted a report that details the abusive collection of keystroke patterns, biometric facial and voiceprints, location data, browser history and of course all of the user’s likes and dislikes across TikTok. Some of this data is surely an overreach while other data is standard collection for any social media network including the controversial Meta’s Facebook.

ByteDance, the Chinese government owner of TikTok, has promised that all data on U.S. TikTok users resides on servers within the United States. However, according to a recent BuzzFeed story, U.S. user data has been repeatedly accessed from China since October, 2021. Another concerning issue is that of 3rd party data sharing. TikTok continues to allow an alarming amount of 3rd parties access to data which can track, market to and share to even more parties even after TikTok users opt out of data sharing.

Commissioner Carr cites App Store policies on surreptitious data harvesting and has called upon Apple and Google to immediately remove TikTok from their stores. One the past few years, TikTok has risen to surpass former chart toppers FaceBook and Zoom as the number 1 app download worldwide with over 3.5 billion downloads. According to a Pew survey, two-thirds of Americans see China as a major threat  but what about our own government?

Trust in U.S. government institutions is nearing a historic all-time low among the American public according most surveys and while these numbers break down differently along party lines, we see a clear trend downward. False claims of a rigged presidential election gave way to an attempted insurrection in 2020 and we continue to see further lies, willful ignorance and erosion of democracy brought to light in the ongoing Jan 6 committee hearings. On top of all this distrust and doubt, we also see an historic low confidence in the U.S. Supreme Court according to the latest Gallup polls. Recent partisan-driven SCOTUS rulings have left a bad taste in the mouth of many Americans which begs the question: What can protect Americans from data harvesting by our own government?

One of the original proposals was for was for an American company to purchase a controlling share of TikTok in order to operate in the U.S.. With so many state laws now going into effect threatening to imprison and fine Americans for personal rights and freedoms they held for the past 50 years, what’s to prevent TikTok data from being used to target, publicize and prosecute any violators or those that aid them? After all, even with all the private data harvested in world, China still cannot make any laws that oppress certain Americans. Right or wrong, that is the domain of the U.S. legislators and court decisions.

Laws and controversies are transitory but data is not. All data that is not deemed private nor protected can be used against people and their associates as laws, trend and social norms change over time. That is why I always urge people to maintain the smallest digital footprint possible, keep your data backed up and protected with strong passwords and never share personal data with anyone.

The post Is TikTok the Devil You Know or Worse? appeared first on Berkeley Varitronics Systems.

The workplace has changed immeasurably over the past couple of years. While more people were moving to work from home, or even had some sort of hybrid of both, the restrictions brought in during the pandemic have changed many people’s attitude towards working in an office.

A recent poll discovered that 61% of people who are working from home are doing so because that’s what they prefer, even though their offices are now open. It represents quite a turnaround as just over a year ago, only 36% would have instead chosen to do their job outside the office.

While people are finding it more productive and are appreciating more time within their own four walls, the rise in people not coming into the office can often present risks for their employers. Today, we look at some of the problems that businesses face while their staff aren’t in the building and fulfilling their role elsewhere.

Unsafe Wi-Fi networks

Employees are getting online via their own home wireless networks or, in some cases, accessing your business network via unsecured public Wi-Fi. This could leave them open to malicious attacks from people who may be able to spy on their connection and steal confidential information. This can happen through data being sent, often unencrypted, over these home networks rather than the secured ones within the workplace.

Software Security

One of the key elements of managing remote teams is revealed by LHH to be conducting meetings over video conferencing software, such as Zoom. The popular platform has had to have extensive updates due to the user base growing from 10 million to 300 million users after breaches in security caused some issues. One issue was some Apple Mac users were experiencing problems with their microphones at the end of a call; they weren’t disabling, which meant conversations could be heard outside of the meeting. Also, there have been flaws in the software revolving around remote hacking. This could have given access to meetings and content over the calls to those looking to steal information. Thankfully, however, these have now been fixed via those aforementioned updates.

Using personal devices for work

Employees using personal devices for work-related matters is a huge risk; if they don’t keep their devices up to date, it potentially poses a security risk. As just noted with Zoom, the importance of applying these patches is paramount. How stringent are they with passwords and security on their devices? Is this something that could easily be exploited? By blurring the lines between personal and professional increases the risk of sensitive information falling into an insecure environment. Also, while considering sensitive information, if an employee was to leave your company after working on their device from home. Do you know what information they have stored? You have no way of accessing it or ensuring its deletion.

Remote infrastructure attacks

Aside from what can happen between the employee and the business, there are inherent risks that come with installing new infrastructure to allow for remote working. The new systems can be open to brute force attacks, and already there are reports that malware attacks are on the rise. So, you must protect against DDoS attacks, as not doing so could prevent workers from accessing services over the internet or, worse, destroy your business.

Summary

As you can see, there are inherent risks that are associated with the internet and people using it to work from home. However, with good communication, many potential issues can be limited by keeping staff aware of the best practices. But overall, remember risks don’t just appear when employers work from home, it’s key to ensure you secure your staff, no matter where they are, for the good of your business.

The post Cybersecurity Risks When Managing Remote Teams appeared first on Berkeley Varitronics Systems.