HS 243 – How To Product Your Airbnb Rental Home with BrickHouse Security Founder Todd Morris

 

Todd Morris appears on today’s episode of the Holistic Survival Show. He is the founder and CEO of BrickHouse Security. He and his spec vial team of security specialists have worked closely with law enforcement, businesses of all sizes, media companies, and more to ensure that they’re using the best security practices the market has to offer. Jason asks Todd some important questions about how people might be able to keep their real estate home safer and more protected from the latest hacks.

 

Key Takeaways:
2:40 – The skills and costs have gotten low enough that it is cost-effective to hack a company.
6:45 – Should you put your home on Airbnb?
8:20 – How do you manage your passwords? Todd explains.
12:00 – Why are most hacks done on PCs and not on Macs?
13:45 – Todd talks about his hidden camera products that his company offers.
18:10 – What’s the difference between a GPS navigator and a GPS tracker?
22:00 – Final thoughts on security updates and more.

 

Tweetables:
Morza is a security system designed specifically for someone who is doing the Airbnb-type rental.

Apple has done a good job in creating a more secure environment. They’re doing things that no other vendor is doing.

Home Depot and Target, their cash registers run on Windows and there are no cash registers that run on Macs.

 

Mentioned In This Episode:
http://www.brickhousesecurity.com/
http://www.toddmorris.com/

 

Transcript

Jason Hartman:
It’s my pleasure to welcome Todd Morris to the show. He is the CEO of BrickHouse Security. He is a nationally recognized expert in the field of technical surveillance and security. He and his team of security specialists are frequently called on by law enforcement agencies, private investigators, businesses of all size, and the media to provide the technology and best practices they need to meet their security goals. Todd, welcome, how are you?

Todd Morris:
Good, how are you doing? Thanks for having me.

Jason:
Good. My pleasure. Where are you located?

Todd:
We’re located in New York city and we also have an office in Indianapolis.

Jason:
Fantastic. Well, we live in this era of data breaches and in fact I was reading an article last night, I’ve been following the story with Sony and North Korea. That’s a pretty interesting story. The hacking that’s going on there. I read an article last night about how one expert is predicting that a major company will fall in 2015 due to a hack attack. I don’t know if that’s ever happened. I mean, I know companies have been put at risk and consumer data has gotten out and so forth, but I’m not sure if a company has completely gone out of business because of this.

Todd:
It’s quite possible in the next year and see what’s happening with Target, Home Depot, and Sony. Some of these companies they’re strong enough they can support it, but a smaller company might not be able to survive something like that.

Jason:
Yeah, no question about it. Well, is there something new going on in that world that is more worrisome than before? I mean, isn’t the security always getting better? I guess the bad actors are getting better all the time too, right?

Todd:
I think, not only are the bad actors getting better, but there are more of them and the skill level required and the cost to have people preform an attack has gotten so low that you start to see attacks that are not even financially motivated. They’re just malicious.

Jason:
Interesting. So, why has the cost gotten so low to do an attack?

Todd:
A lot of the exploits out there that attack Windows operating systems are just so easy to use that a quote unquote a script kiddie can use and you end up with this system where teenagers can download and exploit off the internet and execute it pretty easily.

Jason:
What’s an exploit?

Todd:
An exploit is a documented hole in the operating system with a defined way to attack it and use it. So, it may be that Microsoft Windows IIS server can be tricked by a spike going at it at a certain port with a certain type of data format and Microsoft has to patch that or fix it, so once that is a known hole and before its been fixed, that’s an exploit. Many of these are what’s called a zero day exploit. A zero day is exceptionally valuable because the vendor doesn’t even know about it yet. So, there are plenty of holes in the Microsoft software that Microsoft knows about, it doesn’t care to fix, but there are some that they don’t even know about and those are the most dangerous ones because you can’t keep them protected and patch your own system for them.

Jason:
And, what is a script kiddie?

Todd:
Script kiddie is a derogatory term for someone who is not really a hacker, but fancy themselves a hacker, because they can download or figure out what other hackers have done and then repeat it. It’s almost like using an Erector set instead of being an engineer.

Jason:
Very interesting. Do these hackers hirer these people and do the people not know what they’re actually doing or are the script kiddies, the malicious teenager you talked about?

Todd:
The malicious teenager are the script kiddies. What we’re looking at with things like Sony and Target and Home Depot, that’s much more advanced. In the case of Target and Home Depot, you’re talking about financially motivated people who are stealing personal data in order to sell it on a black market. I n the case of Sony, it sounds like a state actor with a bad ego problem.

Jason:
Yep, I’d agree with you. Okay, so, I originally became interested with your company, because you had a really interesting thing and I have a real estate investment company and some of my clients are asking about, you know, should I become an Airbnb-type landlord and I think you have an interesting product for that, don’t you?

Todd:
We heard from a lot of people, in fact, some of our employees as well who were using Airbnb here in New York that, you know, Airbnb is a fantastic way to be able to get some money out of your real estate while you’re traveling and spending money on a hotel or renting a place in another country and the problem is emotionally attached to their home and they have stuff in your home and trusting someone in your furnished home is very different than having a rental apartment. It’s not your primary residence.

Jason:
Well, even if it’s a..well, most Airbnb have a lot of people do those as full-time rentals, but they are furnished. So, there’s a little more than the typical investor, which is my typical client of my company that, you know, just buys a bunch of unfurnished properties and does it that way. So, yeah, it’s sort of more important to know if people are having a big party there, isn’t it?

Todd:
In many cases there are subletting an apartment or renting an apartment in an apartment building where there are neighbors who might complain and you could be at risk of losing your own lease if your tenant causes a problem. So, there are a lot of stories in the news we are hearing about parties and elicit use of apartment buildings as brothels and things like that. So, what we did is looked at our own security system, which is called Morza and looked at how we could create a package of Morza designed specifically for someone who is doing the Airbnb-type rental, short term rental.

Jason:
So, it sounds like what you have to do there is you have to have the security system minus the cameras, right? Because, you can’t have cameras.

Todd:
Absolutely. We do not want to have cameras inside, but you do wanna also have some extra alerts to understand things like, hey, somebody left the windows open and the heat is on. You know, they could run up your electric bill really high and you wouldn’t even know it. The door is opening and closing very frequently. That could be a size that there’s a party going on or someone left the door open for an hour. That could also be a sign that there are a lot of people entering at a party.

Jason:
Interesting, alright, so anything else about that package? I just thought that was an interesting sort of side note from some of the other stuff I want to talk about.

Todd:
It’s been an interesting experiment. We’ve got a lot of interesting feedback from Airbnb hosts who seem to like the idea and definitely have told us it’s a lot easier to relax on the beach when they know that there’s a problem, they’re going to know about it before a leaky faucet or something causes a flood downstairs.

Jason:
Do you want to talk about the concept of passwords? You know, this is just an ongoing hassle when we all use different websites and so forth. Are there any best practices that you want to share as far as we should manage login credentials on all these various websites?

Todd:
So, unfortunately in this modern day, we are saddle with two pretty archaic concepts. One of them is passwords and the other is credit card numbers. They’re both really archaic and should have been abandoned years ago and for certain reasons in both industries they haven’t been. On the password side, it’s really ridiculously to expect people do what they should do, which is have unique 1- digit, uncrackable passwords on hundreds of different websites where they don’t repeat the same one on all these sites. The only way do that effectively is to use a password manager, which is what we recommend. Something like 1Pass or one of those types of products that’ll help you manage multiple passwords. I would not recommend doing it inside the browser, because those are notorious for exposing your passwords.

Jason:
So, people can hack into your Firefox or your Google Chrome.

Todd:
Yeah, if you’re using Chrome or Firefox or something like that to store your passwords, I believe Safari is getting better at it, but Internet Explorer, Chrome, Firefox are far too easy to crack and get your entire treasure trove of passwords.

Jason:
So, what does the hacker do? I’m just curious, how do they do that?

Todd:
Hackers outside of your facility isn’t going to get to your browser necessarily. The concern is anyone in your office or your home could get to all of your passwords and download them.

Jason:
Okay, so it’s not an outsider. What about using the wifi at Starbucks, for example?

Todd:
If you’re using wifi at Starbucks, you should definitely be using one of those plugins that forces HTTPS everywhere, but even then, you have to be aware that it’s always possible for someone to execute a man in the middle attack and take you over their router in the facility you’re in. So, in many hotels in China, if you log on to their wifi, you are basically passing all their data through their system and the government has access to everything.

Jason:
Oh my god. Really? You know, I had heard, and I thought this was just overly paranoid, that in Chinese airports, you put your laptop through the x-ray machine and it can scan your laptop. Is that true? That didn’t seem true to me. Like, I guess it’s probably possible..

Todd:
It can’t scan your laptop, but it could do is register your Mac address and see if you have wifi or blue tooth turned on, it could register your Mac register and then they could potentially connect it to you as a person at which point once the government knows this device belongs to this person, if you’re a person of interest, any hotel you go into, they can track you down.

Jason:
Got it. So, do these routers when you’re using public routers, I think this stuff is not talked about enough and I think there’s a lot of potential risk here. The Mac addresses like the computers’ serial number or something, right?

Todd:
That’s correct.

Jason:
Yeah, so when you login on a public wifi, does it know your Mac address?

Todd:
It does know your Mac address, the only exception is iPhones and iPads now spoof your Mac address, because they’ve gotten smart about it. Apple has done a really good job in creating much more secure environment and they’re doing things that no other vendor is doing like literally giving fake Mac address when you log on in Starbucks.

Jason:
That’s really good of Apple to take care of that. I wanna ask you about Apple versus Microsoft in a moment, but does that not apply to a Macbook Apple laptop computer?

Todd:
I’m not sure whether they’re doing it in Mac OS 10 yet. I know they’re doing it on iOS, but the reality is the most secure thing to do is use your own cellular hotspot, don’t use someone else’s wifi.

Jason:
Right, okay, and then that cellular hotspot is secure, right?

Todd:
Unless you’re in China and it’s own by the government, then yeah.

Jason:
I assume that applies to North Korea and Cuba too. Okay, so, why is it it’s always all of these attacks seem to be based at PCs and the Microsoft product line and not the Apple side of the world? Is it just because, you know, I heard Leo Laporte talking about it, there’s so many more PCs, it’s just much more profitable or rewarding, I guess you might say, even if it’s not for money, for hackers to really ruin people’s lives who have PCS or is it just Apple’s system is just so much better, it just..

Todd:
There are similarly less exploits on Mac, there are still exploits if you wanted to look for them and you can certainly crack it into someone’s Mac. It’s harder, but part of that is that there’s less people researching to find those holes and the reason less people are researching is..if you look at Home Depot and Target, their cash registers are run on Windows and there are no cash registers run on Macs. There are cash registers run on iPhones and iPads now thanks to Square and those are fairly secure.

So, the fact that there’s so many cash registers and so many people have built so many systems on top of Windows, it’s been hacked so many ways to be used to control commercial air conditioning, access control systems, there are so many things in a building now that run on Windows. I was in an elevator today and I looked at the elevator and the window above it that’s suppose to be showing me advertising and telling me what’s on each floor had the blue screen of death from Windows.

Jason:
That always seems the way life is with Windows.

Todd:
Seeing the blue screen of death in an elevator while I’m coming down to the 29th floor, it’s a little disconcerting.

Jason:
I agree. Very interesting. Okay, so, you have several products, but you have a hidden camera product. Is this like Morza or the Observa product, I should say, is that like a nanny cam or what’s the big deal about a hidden camera? I mean, aren’t those all over the place now? You know, nanny cams and the alarm clock and stuff like that?

Todd:
We’ve been selling nanny cams for 10 years and covert video to law enforcement as well and one of the things that we found was nowadays everybody expects their camera to be connected to their phone. They wanna be able to view it remotely and drop cams have been incredibly popular, because it allows you to view your camera from your phone and for the high-tech geeks of the world, it looks cool, so they’re happy with it, but you show one to your wife or your girlfriend and they say, that looks kind of ugly. I don’t want that on my mantel place.

Jason:
What is drop cam, is that a competing product?

Todd:
It’s just a camera. So, there are a lot of cameras out there and one of the things that we’ve found and nanny cams that used to be is putting a camera into your house so that the nanny won’t see it have really become, I want a camera in my house, because I’ve got a house keeper, I’ve got a dog walker, I’ve got a nanny, I’ve got cleaning people coming in. In New York City, you’ve got superintendents that have keys to your apartment. So, you wanna know who’s coming in, but you don’t want your house to look like a police state, so you want a camera that can see, but will not be seen. So, what we did is we looked at the modern household and what most people have on their shelves, what something electronic that you can find in a lot of different rooms? The most common and best selling product we saw was the blue tooth speaker.

We took a blue tooth speaker and built a wifi camera into it that is connected to our Morza home security home automation system, so now we’ve got a covert camera that’s actually connected to the rest of your smart home. It knows about your thermostat, it knows about your locks, it knows about your alarm, it knows about your lights, and you can set it up to trigger all sorts of things.

Jason:
But, the camera really isn’t actually hidden in this, it’s kind of an inbetweener, isn’t it?

Todd:
It’s one of those things that people won’t give a second glance. The idea of a hidden camera is to put it into something that people won’t look too carefully at, because they’re used to seeing it in your house, so, you know, a teddy bear is the one that people always talk about, but it’s probably the worst one because when the kid starts crying, people grab it and you know it is heavier that a normal teddy bear. Most cameras you can detect if you’re an expert and you know what you’re looking for, but what we’re aiming for is products people won’t pick up and look at too closely.

Jason:
What’s your coolest product, which one would James Bond buy?

Todd:
The coolest product is probably our Spark Nano, which is the smallest GPS tracker out there that lasts weeks on a single battery charge, which I wish my cellphone would do and let’s you watch from your cellphone where things are and get an alert if they move. For example, if you got an ATV in the backyard or a boat on a trailer and you’re worried someone might pull up to it on a pick up truck and drive away with it, you can get an alert on it immediately when it starts moving and track it down. Now, for real estate investors we actually seen a rash of air conditioner thefts in the south east and we’ve had insurance companies buying these by the hundreds to put them on to the air conditioners and then track down the people who are stealing these air conditioners.

Jason:
Yeah, that’s probably because what they think they’re going to do is bust a big crime ring. It’s not about the one air conditioner, that’s just bait.

Todd:
Exactly. They’re stealing it to sell it to the guy who is buying hundreds of them.

Jason:
Yeah, exactly, good point. Okay so, that’s a really cool product. What is it, magnetic? You put it on the inside of the bummer or something?

Todd:
It’s got a magnetic case that you can put it on an ATV, you can also put it inside of something.

Jason:
My car and most cars nowadays have GPS built in, I mean, I never use the thing, I just use my phone, which most people do frankly, because it’s a better system most of the time then the GPS in the car, but you know, can’t you just track a car with its GPS it has in it already?

Todd:
So, the GPS you have in your car tells you while you’re n the car where you are and helps you get to where you want to go to.

Jason:
But, it’s gotta be talking with the satellites system, right?

Todd:
It does. What it doesn’t do is then send that information to a server that you can log into and see where the information is. So, the difference between a GPS navigator and a GPS tracker is they both receive information from the satellites and then calculate their lat/long, the difference is the navigation unit then displays it on a map right in the vehicle whereas a tracker takes that latitude and longitude and sends it over a cellular network over the internet to a server where you can then view it either on the service or on your phone and see where it is.

Jason:
Oh, so the Spark Nano tracker has a cellphone built into it then basically.

Todd:
It’s got a cellular modem built into it.

Jason:
Right, that’s what I mean, but you don’t have to pay a subscription fee to use that?

Todd:
There is a subscription for it. It runs from $14-29 a month depending on how you’re using it, but unlike a cellphone, the battery can last..we’ve got one that last for 6 months. There’s a cellphone that last 6 months out there, I’d certainly buy it.

Jason:
Yeah, wow, that’s amazing. How did you do that? It sounds like it was a pretty big accomplishment, right?

Todd:
Bigger battery, but also taking out, there’s no LCDs screen, there’s no blinky lights, there’s no buttons. It’s literally just a small device the size of a zippo lighter.

Jason:
That sounds like a great product, but just one more question and I’m just sort of curious because I saw this in a movie, how do you like that? Throw this at you, Todd. The GPS in your car, like, I remember someone trying to get away from someone or something and they turned it off or they disconnected the fuse in the car so that they couldn’t track them. Like, that could be tracked, right? Like law enforcement, if someone steals your car, can they track that or do you need LoJack on your car?

Todd:
So, our device works like a LoJack, but our device is independent from the car’s electric system, even though it planned to be powered by the electric system. It has its own backup battery, so even after the car is shut down and people start to strip the car and chop shop, you can still locate it. The difference between our product and LoJack is, with LoJack you call the police and they hunt down your car, which you don’t necessarily want to do when your teenager is not home at midnight.

Jason:
Exactly, it might be worse, actually. You could cause a bigger problem that way.

Todd:
Our system you can just turn on your phone and see where your teenager is. Either they’re at a party or they’re broken down at the side of the road or they’re on the way.

Jason:
Okay, good point. Good. What else do you want people to know about security just any part of the security world. I mean, it’s a big world obviously from thief to recovery and computer and cyber security and hackers and alarm systems for your house and Airbnb landlords, you know, there’s just a lot here.

Todd:
It’s fast moving industry and we’ve got a team of 50 people here in New York and 40 more spreading around the clove working on this and every week there are new and interesting things happening in the security realm, especially in the electronic surveillance area. We constantly update our website with new information, our blog, our YouTube channel has a lot of information to share, because people really don’t know how vulnerable they are in many cases.

Jason:
It’s a pretty exciting time with all of these, you know, the smart home really coming of age now, finally! I mean, I’ve been hearing about this for decades and it finally seems to actually be here where we can do it and have smart locks and all of this stuff. All of these security systems you have are very reasonably priced. Is that because you have a subscription with them and that’s where the money is in the product?

Todd:
Much like a cellphone, a home security system is subsidized, because the hardware itself is, you know, these aren’t inexpensive products made in China, these are CV rated and FCC rated products. So, yes, they are expensive in that you get subsidize service.

Jason:
So yeah, there is a service contract that comes with that, but the difference is with your products is that you can move them, right? Where if you call up Brinks or ADT, that’s a payroll service, but I think that’s a security company too or something, you know, it’s in the house, and when you move you’re going to leave it, right?

Todd:
That’s true. Traditionally getting a home alarm system meant some guy coming into your house with a drill and drilling holes in the walls and screwing something to the wall. With our system it’s 100% wireless, 100% cellular, so we use Z-wave and 900 megahertz and other wireless frequencies inside the house and then we transmit out via cellular to our web based service and that way you can take it with you anywhere, so we have people who use these in a summer home and take them with them to their regular home or people who are just renters and they can’t really get an installed alarm.

Jason:
Yeah, because they want to move every year and they’ve got to sign a contract and once they move, they’re maybe paying for an old contract and they’re not even living in the property anymore, so yeah, makes sense.

Todd:
Why pay extra just to have someone come and drill holes in your walls?

Jason:
Right, exactly. Well, Todd, give out your websites if you would, tell people where they can find out more.

Todd:
You can find us at BrickHouseSecurity.com and from there you can find our blog and our YouTube channel and all the other fun stuff, but BrickHouseSecurity.com is definitely the place to start.

Jason:
Good stuff and you also got ToddMorris.com as well, right?

Todd:
Yes.

Jason:
Okay, fantastic. Todd, thank you so much for joining us today.

Todd:
Thanks for having me, I appreciate it.