Main menu


Those 'smart' toys and appliances Iot on gift lists have a creepy side


Those 'smart' toys and appliances Iot on gift lists have a creepy side

Those 'smart' toys and appliances Iot on gift lists have a creepy side

When holiday shoppers try to "wow" their friends, family and colleagues with the season's top gifts -- think Amazon Echo, smart TVs, and internet-enabled toys -- they may inadvertently expose their gifts online In a world of safety and suffering. Unfortunately, hackers looking to expand their attacks beyond the web and email have set their sights on the devices connected to our home networks.

Despite recent security concerns with IoT devices (i.e. smart teddy bear flaws), a recent survey found that 65% of millennials are unaware of IoT risks, and the same percentage don't take this type of security seriously . However, since the stockings have been carefully hung from the chimney, it is important to raise awareness about the types of threats that plague these devices. Before making the final purchase, let's explore which popular items are most at risk and how owners can protect their new toys.

Ho-Hold the phone - consider these potential risks

The newest and hottest devices are clearly at the top of the holiday wish list, and for good reason! Many of these are not only fun additions to the family, but also play a role in everyday activities (like turning lights on and off, controlling music, locking doors, and entertaining children) Aspects also add an important convenience factor. However, consumers must weigh the pros and cons before bringing these items into the home.

One of the biggest risks associated with installing IoT devices is the loss of privacy. As the Internet of Things grows, devices with cameras in them should be avoided at all costs. We've seen bugs pop up time and time again in connected cameras -- see examples here and here. While it makes sense to use IoT cameras outside for security purposes, bringing them home can be, and always has been, an issue.

In addition to security cameras, we're also seeing video capabilities in appliances like TVs, toys, and even vacuum cleaners. Shoppers need to carefully consider the potential impact before buying and gifting these items.

So, what equipment is on Santa's naughty list?

Over the past year, there have been a number of toys designed for children that have posed serious risks - the Cayla doll is a good example. Unfortunately, as manufacturers continue to develop and release connected toys, safety is not always a priority when installing components such as remote audio and/or video capabilities. Combined with the fact that children are vulnerable to predation, shoppers should exercise extreme caution when choosing any internet-embedded technology device for children.

From a connected home perspective, smart speakers are a perfect example of increased risk in the home. While these projects will be all the rage this year, it's important to assess their security implications. Just last month, we saw the BlueBorne vulnerability that made prominent devices in the category vulnerable to hackers just by connecting via Bluetooth -- a way malicious actors could provide false information to smart speaker owners ( i.e. traffic reports and inaccurate timetables) and even surveillance of victims. What's the scariest part? If hackers gain control of a connected device, they could spread to other networked devices or eavesdrop on network traffic communications.

In addition, the hackers exposed smart systems used to control door locks and garage door openers. Apple's HomeKit is the most recent example. As always, though, Apple was able to quickly resolve this issue with a server-side patch.

Does this mean IoT devices should be removed from our wish list?

Let's be realistic -- the entire holiday shopping crowd isn't going to give up buying IoT devices as gifts because they could be hacked. And, let’s be honest, many items are still great gifts—for example, those that add convenience and entertainment, like lighting automation and switch sockets.

That being said, consumers still need to do their due diligence to protect these items, and be especially cautious of devices with cameras. A few questions to ask before buying an IoT device include:

Who is the manufacturer? Is it a reputable one, or a dubious knockoff that will save you a few bucks? Look for products released this holiday season from companies like Amazon, Apple, Bose, and Google. Many of these companies, such as Amazon and Google, already have patching solutions in place, so if a vulnerability does arise, they can quickly mitigate the problem. This may cost more upfront, but the savings from potential security breaches can come in leaps and bounds.

What are the known vulnerabilities? Before completing your purchase, do a quick search to see if any security holes have been found in the gift before. The first Google search result you've been following this product is an exploit/problem? If so, you might want to stay away from that gift and consider another.

Will the device update automatically? It is critical to ensure that the latest firmware is installed on any internet-connected device. Old firmware equals a new entry point for malicious actors. One of the easiest ways to ensure this is to buy a device that updates automatically and doesn't require manual firmware installation.

IoT is coming to town

Whether we like it or not, these devices are in our home. But if you've already purchased and wrapped these gifts for loved ones and colleagues, don't worry. Give a safe gift this year and pass along these helpful tips in your connected purchases:

Use technology as intended: Ensure equipment is deployed correctly and used as designed. Follow the installation instructions exactly and double check that the latest firmware is installed.

Change your default password: Never stick to what you're given! Also, when choosing a new password, follow the same steps as when choosing a password for your online banking account. Do not use any of your personal information - including Fido's name - and avoid using passwords that contain words/phrases that may be associated with you, your business and/or personal life. Also, don't reuse passwords across multiple devices/accounts.

We had plenty of time to worry about this holiday season with 10+ family members running around the house fueled by eggnog and candy. Don't let cybersecurity add another thing to your list. Follow these simple IoT security tips to ensure you and your loved ones have a hassle-free vacation.