Cybersecurity

Detecting malicious firmware implants on consumer routers using a Raspberry Pi and free tools

I recently spent a week building a cheap, repeatable workflow to detect malicious firmware implants on consumer routers using nothing more than a Raspberry Pi and free tools. If you manage home networks, small office gear, or test client devices, this is a practical way to get visibility into whether a router’s firmware has been tampered with without buying an expensive hardware analyzer. Below I walk through the signals I look for, the tools...


How to detect and remove covert data exfiltration in Android apps using only a cheap phone and free tools

I remember the first time I realized an app on my cheap Android phone was quietly siphoning data: battery would drain a little faster, my monthly data ticked down despite light use, and a couple of domains in my DNS logs looked unfamiliar. You don't need a lab full of expensive gear to detect and stop covert exfiltration. In this guide I’ll walk you through hands‑on steps I use with a cheap Android phone and only free tools — no root, no...


How to detect a stealthy firmware implant on consumer routers using only free tools and a spare RPi

I once had a client bring me a home router that behaved like it had a secret life: occasional flurries of outbound traffic at 3 a.m., DNS responses that sometimes led to odd domains, and a slightly sluggish web UI. The vendor image looked normal and the firmware version matched what the vendor published. That’s the kind of situation where you start suspecting a stealthy firmware implant — code that survives reboots, hides from casual...


Which budget Android phones still get security updates and how to lock one down for private messaging

I get asked all the time: “Can I keep a cheap Android phone and still get security updates?” and “How do I turn that phone into something safe enough for private messaging?” I’ve tested budget handsets, refurbished Pixels and mid‑range A-series devices for Roctoken Co, and there are sensible, practical choices you can make without spending a fortune. Below I walk through which budget Android phones still receive updates, what to...


What to check in a smart home hub before connecting Ring or Google devices to avoid lateral network attacks

I recently set up a new smart home hub and, like many of you, I wanted to plug in my Ring cameras and a handful of Google Nest devices as quickly as possible. The excitement of a unified dashboard is real—but so is the risk. Lateral network attacks, where a compromised device hops across your local network to access other devices or sensitive data, are a very plausible threat in a mixed-vendor environment. Below I walk through what I check in...


How to configure obfuscation and monitoring to stop credential stuffing against WordPress and headless storefronts

I’ve spent a lot of time hardening WordPress sites and headless storefronts against credential stuffing campaigns, and the single clearest lesson is this: you need both obfuscation to reduce noisy attack surface and real-time monitoring to detect and stop adaptive attackers. Relying on one or the other will leave gaps. In this piece I’ll walk through practical, hands‑on controls I use—what helps, what’s theatre, and how to wire these...


Which inexpensive Android phones receive timely security updates and how to lock them down for privacy

I get asked often which cheap Android phones are actually worth buying if you care about security and privacy. The short answer: some inexpensive phones get timely security updates, but you have to pick carefully and then lock the device down. Below I walk through which makers and models are best for update reliability at budget prices, how to check update policies before you buy, and a practical, step‑by‑step lockdown checklist you can...


Can the Google Pixel Fold be a secure daily driver? A practical privacy and threat-model checklist

I’ve been carrying a Pixel Fold as my daily driver for several months while testing security features, privacy tradeoffs and real‑world usability. Foldables are inherently different: a larger attack surface (more sensors, hinges and screens), combined with the tight hardware‑software integration Google offers, makes for an interesting security question: Can the Pixel Fold be a secure daily phone for regular users and privacy‑conscious...


How to detect supply-chain tampering in third-party SDKs before they reach production using free tooling

I remember the first time a third‑party SDK caused a late‑night incident: a benign analytics library I’d approved began exfiltrating data after an upstream compromise. Since then I’ve made detecting supply‑chain tampering a standard part of any pre‑production gate. The good news is you can do a lot with free, open tools—SBOM generators, signature verifiers, lightweight static checks and simple binary inspections—to catch...


How to audit mobile apps for covert data exfiltration using only free tools and a cheap Android phone

I’ve spent a lot of time testing apps on cheap Android phones to answer one simple question: is an app quietly siphoning data off your device? You don’t need expensive lab gear to do a credible audit. With a cheap Android handset, a laptop, and a handful of free tools, you can perform both static and dynamic checks that expose common covert exfiltration techniques — DNS tunnelling, data-in-query-strings, encrypted uploads to...
