Welcome back, my aspiring cyberwarriors!

Smart homes are increasingly becoming common in our digital world! These smart home devices have become of the key targets of malicious hackers. This is largely due to their very weak security. In 2025, attacks on connected devices rose 400 percent, with average breach costs hitting $5.4 million

In this three-day class, we will explore and analyze the various security weaknesses of these smart home devices and protocols.

Course Outline

1. Introduction and Overview of Smart Home Devices
2. Weak Authentication on Smart Home Devices
3. RFID and the Smart Home Security
4. Bluetooth and Bluetooth LE vulnerabilities in the home
5. Wi-Fi vulnerabilities and how they can be leveraged to takeover all the devices in the home
6. LoRa vulnerabilities
7. IP Camera vulnerabilities
8. Zigbee vulnerabilities
9. Jamming Wireless Technologies in the Smart Home
10. How attackers can pivot from an IoT devices in the home to takeover your phone or computer
11. How to Secure Your Smart Home

This course is part of our Subscriber Pro training package

This iconic scene in Minority Report where purchases are tied to bio-metrics is no longer science fiction, it is your impending future. In more and more stores, networked cameras tag your face, follow your path, and link this information to loyalty profiles and purchase histories. In an era of rising surveillance, retail harvesting may seem relatively innocuous, but once these systems are in place every grocery run becomes a data point in a profit model. While we know that retailers are using this technology to track us, you can be assured that nation-state actors and cyber crime as doing likewise.

Personalized Pricing

Personalized web pricing has been a reality for the last decade. Online businesses have been caught increasing prices based on demand, desperation, and even iPhone model. Brick-and-mortar shops have been a reprieve from this unethical profit maximizing, but as more stores replace paper tags with electronic shelf labels (ESL), in-store surveillance pricing becomes a very real possibility.  

While retailers continue to frame facial recognition technologies as theft control or a means to “increase the customer experience”, the boundary of unethical price gouging and price discrimination was breached long ago. The question is no longer ‘will they’ but ‘how will they’. Soon, bio-metric signals could link your physical presence to data about income, purchase history, medical prescriptions, and emotional state. With that linkage, ESLs can adjust the price (read, raise the price) in real-time to what an algorithm predicts you’re willing pay.

Selling Your Data

The data rarely stays in-house. Data brokers have long gorged themselves on data from your online activity. The next prize is biometric and in-store behavioral data. Retailers are happy to sell it to advertisers, insurers, hedge funds, and political shops, exposing you to surveillance pricing and finely targeted persuasion. The business of selling data is so good that it now accounts for 35% of Kroger’s net income.

How You Can Prevent it

You don’t have to accept this as normal. While there are many extreme methods to completely thwart facial recognition, like wearing a full silicone mask, we are going to focus on simple tools you can easily integrate into your daily routine.

Keep in mind these techniques won’t defeat advanced military or government systems; they’re meant to blunt retail data collection.

The majority of retail cameras rely on high-resolution visible light cameras. Modern facial recognition systems typically measures 68 landmarks on the face, but rely on 8 critical landmarks to structure the data.

Meaning the more of these key landmarks you obscure, the less confident a consumer-grade match becomes. A baseball hat tilted low and big sunglasses is enough to obscure 4-5 of these points. Including a covid mask will cover all these points.

Infrared Cameras

Some retailers are incorporating infrared (IR) cameras to map facial features and your standard sunglasses do not block IR light. This means eye landmarks and eye tracking can still be logged. To circumvent this technology you can integrate reflective materials and IR blocking lenses. Reflective materials bounce IR light back to the camera, creating a glare that has been demonstrated to interrupt IR camera scanning.  In systems that don’t have glare filtering IR cameras, a reflective hat alone may be enough to distort the camera image.

These hats can be purchased from Amazon, but if you need a hat with more breathability I prefer this one made by Chrome.

The newest generation of IR cameras use polarized filters to block the effect of reflective materials. To deal with these there are a number of IR blocking glasses you can purchase. Amazon carries IR blocking lenses, but most of them are too dark for indoor use except for this pair.

Reflecticles is the OG company making privacy glasses. The ghost and phantom are their premium models that pair IR blocking lenses with reflective frames, but they also carry basic IR blocking glasses at a lower price point.

If you need prescription lenses Zenni Optical recently rolled out a IR blocking coating on their lenses that blocks 80% of the near-IR spectrum. The primary complaint about them online is they iPhone’s IR based FaceID, which is a pretty good endorsement.

Summary and Conclusion

The reality is that stores are no longer just selling groceries, they are selling you. While these face obscuring techniques are essential, they need to be paired with low tech techniques to be fully effective:

• Use cash whenever possible
• Use other people’s loyalty programs. The phone number (area code) 123-4567 works at a lot of grocery stores.
• Request that your image be removed from PimEyes, FaceCheck ID, Whitepages, Spokeo.

Facial obscuring is the right move for people concerned about the future of corporate surveillance. However, the technology is ever evolving, so in my next article we’ll go over the emerging science of gait identification and how to beat it.

The post Major Retailers are Spying on You!: How to Prevent it first appeared on Hackers Arise.

Welcome back, aspiring cyberwarriors!

In our line of work, situational awareness is everything. Whether you’re conducting a sensitive penetration test, meeting with a whistleblower, or simply need to know if that black sedan has been behind you for the last three stops – having the ability to detect physical surveillance could be the difference between mission success and complete compromise.

Traditional counter-surveillance requires extensive training and constant vigilance. But nowadays, a simple Raspberry Pi setup could be your digital eyes and ears, automatically detecting if the same digital signatures are following you from location to location.

As you know, every device around us is constantly broadcasting its digital fingerprints through Wi-Fi probe requests, Bluetooth advertisements, and other wireless signals. A skilled operative or private investigator following you will likely have multiple devices – phones, tablets, surveillance equipment – all creating a unique digital signature that can be tracked.

Matt Edmondson, a digital forensics expert, presented this great technique at Black Hat USA 2022. The concept is elegantly simple: if you see the same devices at Starbucks, then at the gas station, then at the bookstore – somebody might be following you. Let’s learn how to build and deploy this powerful surveillance detection system!

What is “Chasing Your Tail”?

“Chasing Your Tail” is a comprehensive Wi-Fi and Bluetooth surveillance detection system that passively monitors wireless devices in your vicinity. By analyzing probe requests and device persistence across multiple locations and time windows, it can identify potential surveillance with remarkable accuracy.

The system works by:

• Passively capturing Wi-Fi probe requests and Bluetooth advertisements
• Creating time-based persistence profiles of nearby devices
• Correlating device appearances across multiple locations
• Generating alerts when suspicious patterns emerge
• Providing GPS-correlated tracking and professional visualizations

Hardware Arsenal

For this operation, you’ll need some basic hardware. The beauty of this system is that it uses common, inexpensive components that won’t raise suspicion:

Essential Gear:

• Raspberry Pi
• Wi-Fi adapter with monitor mode support
• Portable battery pack – For extended operations
• Small display screen – For real-time monitoring (optional but recommended)
• 32GB+ SD card – For data storage and logging

Professional Setup:

• Multiple Wi-Fi adapters – For enhanced coverage
• External GPS module – For precise location correlation
• Pelican case or similar – For protecting your gear

Software Arsenal

We’ll be deploying several key components:

Kismet – Our primary packet capture engine. This open-source tool captures Wi-Fi, Bluetooth, and other wireless protocols, storing everything in SQLite databases for analysis.

Chasing Your Tail NG – The enhanced, security-hardened version of the original tool with GPS integration, advanced analytics, and professional reporting.

WiGLE API Integration – For correlating captured SSIDs with global geolocation data (optional).

Step #1: Base System Setup

First, we need to prepare our Linux environment. I’m using a Raspberry Pi 4, but technically any version should be suitable.

Install the essential packages:

raspberrypi> sudo apt install build-essential git libwebsockets-dev pkg-config \ zlib1g-dev libnl-3-dev libnl-genl-3-dev libcap-dev libpcap-dev \ libnm-dev libdw-dev libsqlite3-dev libprotobuf-dev libprotobuf-c-dev \ protobuf-compiler protobuf-c-compiler libsensors-dev libusb-1.0-0-dev \ python3 python3-setuptools python3-protobuf python3-requests \ python3-numpy python3-serial python3-usb python3-dev python3-websockets \ libubertooth-dev libbtbb-dev libmosquitto-dev librtlsdr-dev

Step #2: Install Kismet

Firstly download the source code:

raspberrypi> git clone https://www.kismetwireless.net/git/kismet.git

raspberrypi> cd kismet

Run the configure script to prepare the source code for your system by checking dependencies and generating a custom build configuration.

raspberrypi> ./configure

Next, compile the source code into binaries using make. To learn more about the make command in Linux, check out this article.

raspberrypi> make

It’s important to keep in mind that on a Raspberry Pi, even with swap enabled, compiling a large project like Kismet will be slow. Depending on the CPU speed and RAM size, it may take hours.

By the way, if you encounter an error similar to the one below:

Consider increasing the swap size, especially if you decide to run not just make but make -j$(nproc). The -jN option tells make to run N jobs in parallel, and $(nproc) expands to the number of CPU cores (on a Raspberry Pi 4 → 4). However, using this command can be risky because you might encounter an OOM (Out of Memory) error.

Finally, we can install Kismet. In general, you should install Kismet as suid-root; it will automatically create a group and install the capture binaries accordingly. When installed as suid-root, Kismet launches the binaries that control channels and interfaces with the required privileges, while keeping packet decoding and the web interface running without root privileges.

raspberrypi> sudo make suidinstall

make suidinstall will automatically create a kismet group. To run Kismet, your user needs to be part of this group. So let’s add our user to this group.

raspberrypi> sudo usermod -aG kismet

Groups are not updated automatically; you will need to reload the groups for your user.

Either log back out and log in, or in some cases, reboot.

Check that you are in the Kismet group with:

raspberrypi> groups

If you are not in the kismet group, you should log out and log back in, or reboot – some session and desktop managers don’t reload the groups on logout, either.

Step #3: Install Chasing Your Tail NG

raspberrypi>git clone https://github.com/ArgeliusLabs/Chasing-Your-Tail-NG.git

raspberrypi> cd Chasing-Your-Tail-NG

After downloading we need to install the required packages.

raspberrypi> pip3 install -r requirements.txt –break-system-packages

In the command below, I’ve used –break-system-packages flag to forces the install even if it might conflict with system packages.

Step #5: Security Hardening

The current version of “Chasing Your Tail” includes security hardening to prevent SQL injection attacks and secure credential management. Run the migration script:

raspberrypi> python3 migrate_credentials.py

This script eliminates critical vulnerabilities and sets up encrypted credential storage. Verify the security implementation:

raspberrypi> python3 chasing_your_tail.py

Here we can see different warnings and errors, but those aren’t important for us right now. What matters is the INFO message confirming that the configuration loaded with secure credential management.

Step #6: Configuration

Now we need to configure our system for optimal surveillance detection. Edit the main configuration:

raspberrypi> nano config.json

Example of the configurations:

{
  "paths": {
    "base_dir": ".",
    "log_dir": "logs",
    "kismet_logs": "/home/pi/Chasing-Your-Tail-NG/*.kismet",
    "ignore_lists": {
      "mac": "mac_list.py",
      "ssid": "ssid_list.py"
    }
  },
  "timing": {
    "check_interval": 60,
    "list_update_interval": 5,
    "time_windows": {
      "recent": 5,
      "medium": 10,
      "old": 15,
      "oldest": 20
    }
  },
  "search": {
    "lat_min": 31.3,
    "lat_max": 37.0,
    "lon_min": -114.8,
    "lon_max": -109.0
  }
}

Key settings:

• timing: Overlapping surveillance detection windows
• kismet_logs: Path to the log directory

Step #7: Wireless Interface Configuration

Your Wi-Fi adapter MUST support monitor mode. Test your setup:

raspberrypi> sudo airmon-ng start wlan0

Replace wlan1 with your actual interface. This should create a monitor interface (usually wlan1mon). If this fails, your adapter doesn’t support monitor mode — you’ll need different hardware.

In my case, I’m using a TP-Link Wi-Fi adapter with the RTL8xxxu chipset, which requires additional setup to work. If you’re using, for example, an Alfa AWUS036ACS adapter, you likely won’t encounter any issues with enabling monitor mode. But for the sake of clarity, I’ll briefly show you how I set it up:

List physical wireless devices:

raspberrypi> iw phy

Look for the one corresponding to wlan1 (in my case, it’s phy1).

Add a new monitor-mode virtual interface (e.g., mon0):

raspberrypi> sudo iw phy phy1 interface add mon0 type monitor

Bring up the new monitor interface:

raspberrypi> sudo ip link set mon0 up

Stop NetworkManager only on the specific interface you want to monitor, not the entire service:

raspberrypi> sudo nmcli dev set wlan1 managed no

Step #7: Deploying

Terminal 1 – Start Kismet:

raspberrypi> ./start_kismet_clean.sh

You might see the following error due to a hardcoded path. Edit it to the correct one using your favorite text editor. In my case, the correct directory is /home/pi/Chasing-Your-Tail-NG:

Also, check that the starting command for Kismet uses the correct interface. After these changes, the Kismet script should not print any errors.

Terminal 2 – Launch Core Monitoring:

raspberrypi> python3 chasing_your_tail.py

You’ll see an output like below.

Terminal 3 – Real-time Analysis:

raspberrypi> python3 surveillance_analyzer.py

After running the script, we’ll receive professional intelligence reports in both MD and HTML formats.

Example of the report:

Understanding the Intelligence

Time Window Analysis

The system maintains four overlapping surveillance detection windows:

• Recent: Past 5 minutes – immediate threats
• Medium: 5-10 minutes ago – establishing patterns
• Old: 10-15 minutes ago – confirming persistence
• Oldest: 15-20 minutes ago – long-term tracking

Threat Assessment Algorithms

The system uses advanced algorithms to analyze:

• Temporal Persistence: How consistently devices appear over time
• Location Correlation: Devices following you across multiple locations
• Probe Pattern Analysis: Suspicious network search behaviors
• GPS Correlation: Physical movement patterns matching your own

Persistence Scoring

Each device receives a threat score (0-1.0):

• 0.0-0.3: Background noise, likely benign
• 0.4-0.6: Possible coincidence, worth monitoring
• 0.7-0.8: High probability of surveillance
• 0.9-1.0: Active surveillance confirmed

Summary

In this tutorial, we covered the complete deployment of “Chasing Your Tail” – from hardware selection and security-hardened installation to operational deployment and professional intelligence analysis for detecting physical surveillance.

“Chasing Your Tail” is a big step forward in personal counter-surveillance. It uses common hardware and open-source software to give people powerful tools that used to require lots of training and expensive gear.

With features like real-time monitoring, GPS tracking, smart analysis, and clear visual displays, it helps users stay aware in risky situations.

The post Counter-Surveillance: How to Know Whether You Are Being Followed first appeared on Hackers Arise.

Better personal security in everyday life isn’t something everyone considers — at least, not until something goes wrong. Securing home devices and personal accounts can be daunting for those who just aren’t that interested in the devices or cybersecurity. Learning the basics of personal cybersecurity is not the most appealing activity to everyone, and getting lectured by tech-savvy family members isn’t either.

Fortunately, there is a better way to teach cybersecurity. Giving the gift of better security can grant you an opportunity to discuss broader security topics in terms that specifically relate to your loved ones’ daily lives.

Here are six security awareness gifts for the person in your life who just isn’t that into security.

1. A New, More Secure Router

Home Wi-Fi security is an important part of overall personal cybersecurity that’s commonly overlooked. Default device passwords are often left unchanged after purchases, and owners aren’t always on the lookout for firmware updates. Older router models may also use outdated security protocols, so a new router can be a security awareness gift that secures the home network.

Gifting a new router may also mean spending part of your visit as a family tech support representative who reconnects devices and updates software. As painful as change might seem to your family members, a more secure home network will be worth the effort.

2. A Password Manager Subscription

Password reuse remains a gateway to multiple types of account information, especially as more personal record caches are being exposed online or sold on the dark web. Building better password habits and eliminating reuse can go a long way toward better personal security, and a password manager subscription can be a step in this direction.

As we all know, more secure passwords are but one of the many habits required to secure your digital world. Learning a new login workflow may not be for everyone, and new users may not like the change initially, but they may feel compelled to keep going if they understand how it can help them protect their accounts.

While risk and security vulnerabilities still exist, password managers are still a better tool than weak or reused passwords.

3. Encrypted File Storage/Backups

Ransomware gets a lot of press for good reason. A ransomware attack can result in total data loss when no backup exists, but secure file storage held locally or in the cloud can help eliminate much of the dread associated with data loss after a ransomware attack.

Giving the gift of an external encrypted storage device or a cloud-based encrypted backup service can grant your family members peace of mind. Knowing that important data will be secured even if your machine is overtaken by ransomware can ease worries over potential data loss.

4. Computer Monitor Privacy Filters

Privacy filters for monitors and laptop screens help protect your on-screen activity from prying eyes. They make it nearly impossible for someone to make out what’s on your screen unless they’re sitting right in front of it. Commuters and other travelers can benefit from this kind of physical barrier to their private information being displayed in public. Filters can also serve as a physical reminder to employ better personal security practices.

Privacy filters can be removed and may not protect against unauthorized access in cases where devices are stolen. If they’re used as part of an overall better approach to physical security and cybersecurity, however, they can decrease the likelihood of data loss during travel.

5. Anti-Malware and Ransomware Protection

Protecting against known malware threats and ransomware attacks is a must for personal devices. Not all family members are aware there are solutions to help prevent ransomware attacks. Coupled with an external or cloud-based encrypted backup, an anti-malware and ransomware service subscription can help protect your loved ones’ devices from attacks. Gifting several small security awareness gifts in this way can effectively build up defenses across a variety of otherwise vulnerable channels.

Bear in mind that false positive scan results and software bugs are possible when new definitions are installed, and this could be alarming to a user unfamiliar with anti-malware software. Teaching new users what to expect from their software (including potential bugs) may help to ease their minds.

6. A Virtual Private Network (VPN) Subscription

Virtual private networks (VPNs) can be a good way to separate and encrypt your own traffic away from everything else traveling with your data. They offer significantly more privacy and security compared to a standard internet connection.

As I’m sure you know, some security awareness gifts may require a little extra work. Finding an appropriate VPN service that is maintained by a reputable company might be a challenge. Also, VPNs can be very helpful but no device can be secured from every possible attack. Understanding a VPN’s role in overall security habits could help new users as they learn a new network connection workflow.

Teaching Better Security Through Useful Tech Gifts

Each of these gifts could include discussion around their purpose, which may provide a better way to teach cybersecurity. They all reinforce better security through physical means or by encouraging new habits, and they offer the new user an opportunity to learn more about cybersecurity, a topic they might otherwise neglect.

The post 6 Security Awareness Gifts for the Cybersecurity Unaware appeared first on Security Intelligence.