Buying a Google Home or Amazon Alexa for your loved ones for the holidays may seem like an easy win, but they—and other hot tech gifts—could land you on the naughty list, security experts say.
“Not everyone knows—and some don’t even care to know—the possible risks to your privacy and security that the latest technologies can pose,” says Richard White, professor of cybersecurity at the University of Maryland University College. “It’s your responsibility to be aware of these possible threats; if you’re not, that’s more opportunity for the bad guys.”
Although Internet-connected devices are known to have security vulnerabilities, 20 percent of participants in a November survey by computer security company McAfee said they’d still buy them. Only about half said they take precautions to secure their connected devices before they use them, and just 36 percent said they ensure that the software is up-to-date.
“There’s a lot that goes into the trustworthiness of the device,” White says. “Is it a domestic brand? Is it known to have backdoors? [Is it] susceptible to the latest Wi-Fi attack? Do you have malware protection? Do you regularly install updates? Do you use it with disregard at Wi-Fi cafes? You don’t need to be a cybersecurity professional to consider these questions—they’re basic.”
From drones to dishwashers, a number of connected products should give you pause this holiday season, experts say. Here’s a look at what they are, the threats they pose to your privacy and security, and how you can use them more safely.
There’s no doubt that Google’s Home, as well as Amazon’s Alexa and Show, make managing everyday tasks easier, from adding food to your shopping list to playing music to managing your home devices or calendar. But like all Internet-connected devices, collectively known as the Internet of Things, they come with caveats.
These personal-assistant devices are designed to always be listening, says Ted Harrington, executive partner at Independent Security Evaluators, a computer security research company. In certain instances, they store and share transcriptions of recordings with third parties. If your device—or a database storing your recordings—is compromised, this information could become publicly available, Harrington says.
If a digital assistant is on your must-have list this holiday season, Harrington advises muting the device when it’s not in use, reviewing and deleting old recordings, disconnecting any unnecessary accounts, and keeping the software up-to-date.
From dolls to robots, toy makers are struggling to strike a balance between Internet-connectivity, privacy, and security. According to Which, a U.K. consumer advocacy group, a growing number of Bluetooth- and Wi-Fi-enabled toys are easy to hack.
This holiday season, Which says, consumers should shy away from the i-Que Intelligent Robot, which uses Bluetooth to pair with a phone or tablet. Because the connection is unsecured, anyone could download the app, find an i-Que within Bluetooth range, and start chatting by typing into a text field, it says.
Also on Which’s stay-away list: the Furby Connect. Like the i-Que, it doesn’t use security features when pairing with another device. Anyone within Bluetooth range could connect to the toy when it’s switched on.
To keep your family safe, the group recommends asking yourself whether an Internet-connected toy is really necessary—or at least searching online for concerns raised over a connected toy’s security and privacy before buying.
Everything in today’s homes—from TVs and refrigerators to doorbells and door locks—can be Internet-connected, which means that they can also be hacked.
Earlier this year, for example, cybersecurity company Check Point Software Technologies discovered a vulnerability in LG’s smart-home infrastructure that exposed it to user account takeovers. Hackers, it reported, could take advantage of the vulnerability to spy on a family’s home activities using the Hom-Bot robot vacuum cleaner video camera. They could also remotely control LG dishwashers, refrigerators, microwaves, and washers and dryers.
The ease with which hackers have been able to manipulate connected devices, White says, should be reason enough for holiday shoppers to think twice before buying them. Consumers should weigh the risks against the benefits.
“Know which devices are communicating, with what, and why,” White says. “And look to the manufacturer for firmware updates. It’s your responsibility to make sure you have security protocols in place.”
While drone sales are expected to top $2 billion this year, according to Gartner, securing them remains a problem. McAfee lists drones as one of the most hackable gifts of 2017—for the second year in a row. Compounding the problem: Only 29 percent of consumers agree that drones should be secured, according it its report.
Toni Birdsong, family safety evangelist for McAfee, warns that drones are easily hacked in flight. “With drones, consumers need to be aware of risks associated with drone jacking and fake Wi-Fi signals from rogue drones,” she says. And because software updates can address security, privacy, and safety risks in drones, she says, “it’s crucial to install the latest versions as soon as possible.”