Technology is becoming more pervasive in all areas of life, and holiday gift-giving is no exception. Today’s bright-eyed kids can expect to find plenty of tech gadgets and toys under the tree this holiday season, batteries included. But the clamor for computer-powered yuletide joy is not without its concerns. Here are six popular holiday gifts that may cost more in security risks than you realize.
To the weekend enthusiast, drones are a super cool toy. But the truth is, there are plenty of uses for these flying robots beyond entertaining your friends or annoying your neighbors. In fact, they are viewed as a downright threat by governments, business, and private citizens alike. Think of all the things that someone with malicious intent can do with a drone. Hovering drones can be used to spy on businesses, government facilities, or the family down the street. Drones can not only be used for aerial photos and videos of your property, they can also carry sophisticated surveillance equipment by terrorists or rogue spies. The potential for illicit activity is endless.
The Federal Aviation Administration (FAA) is cracking down on drones to reduce the risk of misuse. One of their efforts to regulate drone use is the requirement to register drones that weigh more than 0.55 pounds. Unmanned aerial vehicles (UAVs)—even holiday toys— can do a lot of damage. They are especially dangerous around airports, and you can expect the government to continue to limit their use.
Tip: Be sure that you are aware of any local or federal regulations that apply to your new drone. Don’t fly them anywhere near airports, and always respect the privacy of others.
You might have been able to fire up your Nintendo right out of the box in your younger days, but not today. You’ve got to download the updates, apply the updates, and then check for more updates. On a slow network or a busy Christmas day, this process can take ages. The online consensus from those who write on such things is that you’re better off doing all this work before your child tears off the wrapping paper. Unlike the video games of the past, modern games require strong measures against possible attack. That’s because all these games are now online, and game traffic can pass halfway around the world. It’s a big attack surface, and new vulnerabilities are discovered every day.
Tip: Save yourself some time and stress around the Christmas tree this year, and do all your security and game updates in advance. Your kids will thank you for it.
These days, anything with an internet connection is at risk. There was a time when television signals, sent across the airwaves, were simple analogs signals coming into your TV antenna. Now, there’s a bidirectional traffic flow to your smart TV that can be hacked like any other internet connection. This reality prompted the Portland FBI office to issue a warning, part of which we offer here:
“Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.”
Tip: As the Portland FBI says, put a piece of black tape over the camera eye if you can’t turn it off. See the link above for more tips.
You’re not crazy—your smart home speaker can listen to your conversations. Computing resources like smart speakers can be used for more than just playing your favorite song. ZDNet covers the issue in an article called “Alexa and Google Home devices leveraged to phish and eavesdrop on users, again.” The problem is that smart speaker manufacturers allow third-party developers to access user inputs. It’s a problem that security experts are working on, but we can probably expect more issues in the future.
Tip: Make sure your smart speaker is connected to a secure WiFi network. Check the settings of your router and make sure you’re using password-protected WPA2 security.
As our personal items get “smarter,” they also pose real security risks. You would probably object to allowing the personal information tracked and stored by your smart watches to be shared publicly without your consent. But without proper security precautions, you may be exposing your health and other information to the world. Wearable technology may be the latest trend, but unprotected devices may tell more than you would like. And if you use your smartwatch to unlock your front door, what happens if you lose the watch? Just how secure is that lock? Without a PIN/pattern lock on your watch that required when it leaves your wrist, could someone have access to your virtual assistants, considering many watches have wifi built in? You can never be too careful.
Tip: Research your desired smartwatch thoroughly so you can identify potential vulnerabilities prior to purchase. Always try to think like an attacker when evaluating security.
Doorbells with camera
It’s best to discover vulnerabilities before they are exploited, but that doesn’t make the press coverage any better. There may not have been any actual attacks with the Amazon Ring Video Doorbell Pro, but researchers at the cybersecurity company Bitdefender proved that it was possible. An attacker need only eavesdrop on the Wi-Fi while a device is being initiated to capture a network password. With that, they could potentially access other files and devices on the network. The problem is that the Doorbell Pro authentication is done over an unsecure network (HTTP instead of HTTPS). A hacker will try to penetrate any crack or crevice in a network’s defenses, and until a patch was made for Amazon’s doorbell device, it was at risk of attack.
Tip: Whether you buy Amazon’s product or something else, be sure to do your homework on any network-connected device to understand any possible vulnerabilities.
As our homes become more saturated with internet-connected devices, we must be vigilant against cyber attacks. One strategy is to put all these devices on a guest Wi-Fi. (Many routers have this functionality, or it could be manually configured.) If the device only needs internet access, this separates them from the rest of your traffic on your main network, and makes exploitation that much more difficult. Beyond that, do your homework. Know your risks. And above all else, enjoy the holidays!
Ready to start taking cybersecurity and IT seriously at your small business? AaDya can help! Email firstname.lastname@example.org to speak to an AaDya team member today.