Share this page!

OscarMikeGolf Profile picture
Twitter logo
28 Dec, 5 tweets, 2 min read
Someone on #NFT spaces asked me about other ways threat actors can gain more user Intel without computer or phone.. Besides Christmas lights? Some toys that have bluetooth can be comprised and threat actors can use to spy or listen in on some conversations..

👇
1. Fisher-Price Chatter bluetooth has no secure pairing process. Threat Actors can exploit this in an audio bug.
2. "My Friend Cayla" bluetooth also has similar issues.
3. Twinkly Lights:
A threat actor on the network can intercept the comms between the Twinkly lights and the mobile app and use them to manipulate the LEDs into custom patterns or turn them off.
Prevent?
When you're done playing with them - turn off bluetooth.
#NFT #NFTs #NFTCommunity

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with OscarMikeGolf

OscarMikeGolf Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @nft_sec

OscarMikeGolf Profile picture
28 Dec
Hope everyone had a nice holiday #NFTartist.

Some have asked me a question over the weekend about how threat actors are able to bypass 2FA.

👇
Man-in-the-Middle phishing toolkits:
Session Hijacking
User’s authentication cookies:
Files created inside a web browser once the user has logged into an account after the 2FA process was completed.
Read 8 tweets
OscarMikeGolf Profile picture
13 Dec
Just trying to push security awareness:

1. The difference between different phishing techniques:

1. phishing: community
2. spear phishing: targeted members of the community
3. whaling: brand owner
4. vishing: by phone
5. smishing: send messages by text
6. Angler phishing: sending direct message within social media
7. Pharming: malicious actors hijack a Domain Name Server (DNS), the server that translates URLs from natural language into IP addresses
8. Evil Twin: fake WiFi hotspot, often making it look legitimate, that might intercept data during transfer.
9. Watering hole phishing: threat actors research around the websites a brands employees visit often, then infecting the IP address with malicious code or downloads.
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @nft_sec has new unrolls!

Check out other threads from @nft_sec!

Read all threads by @nft_sec

:(