Digital security
Unboxing a new gadget this holiday season will put a smile on your face, but things can quickly turn sour if the device and the data on it aren’t properly secured.
December 21, 2023
•
,
4 minutes. read
As the holiday season approaches, we all look forward to being pampered by friends and family. Increasingly, that means our stockings will be filled with tech on the big day. It could mean anything from a Fitness Tracker has a laptop; A smartphone has a connected baby monitor. The bottom line is that we are all heavy users of smart devices. For example, more than half of Europeans today use an internet-connected TV, a quarter (26%) use smartwatches and other wearable devices, and a fifth (20%) are fans of internet-connected gaming devices.
But our adoption of smart devices comes with additional risks. Our loved ones may not have paid much attention to the fine print when they clicked “buy” on our gifts. So the pressure is on all of us to ensure our dream holiday gift doesn’t turn into a security nightmare.
What are the risks ?
The level of risk you face will depend on the type of device you open on Christmas Day. But some common problems can put your online accounts and your personal and financial data at risk:
- The product contains unpatched software or firmware. This could allow hackers to exploit vulnerabilities in attacks to achieve various goals.
- The product’s default password is easy to guess/crack and the product does not require the user to immediately update the password. This could allow attackers to hijack the product remotely with relatively little effort.
- There’s no two-factor authentication (2FA) enabled by default, which could make it easier for hackers to hack the device.
- No device lock is activated, putting the device at risk if lost or stolen.
- Privacy settings are not secure enough by default, leading you to excessively share personal data with advertisers or potential malicious entities. This is particularly troubling if it is a children’s toy.
- Some settings like video and audio recordings are enabled by default, putting your child’s privacy at risk.
- There is no encryption on the account creation and login process, exposing usernames and passwords.
- Pairing the device (i.e. with another smart toy or app) is done via Bluetooth with no authentication required. This could allow anyone within range to connect to the toy to stream offensive or upsetting content or send manipulative messages to your child.
- The device automatically shares geolocation, potentially putting your family in physical danger or at risk of burglary.
- There is no security software on the device, which means it is more exposed to internet-born threats that could steal data or lock the device.
The problem is that in many parts of the world there is no legal requirement for manufacturers, distributors and importers to sell secure internet-connected products. By exploiting poor vendor design and limited attention to security best practices, malicious hackers can carry out a range of attacks to hijack your devices and access the data stored on them. This may include logins to some of your most sensitive accounts, like online banking.
Alternatively, the device itself could be controlled remotely and integrated into a botnet of compromised devices designed to launch attacks against others, including DDoS, click fraud and phishing campaigns. Bad actors may also seek to lock your device with ransomware and demand a fee so you can access it again. Or, they might download adware that floods the device’s screen with advertisements, rendering it virtually unusable. At the same time, limited privacy protections may lead to data about you or your family being shared with advertisers and other parties.
10 Ways to Secure Your Gadgets
With the above in mind, follow these tips to protect you and your family from cybersecurity and privacy risks this holiday and beyond:
1. Ditch the defaults and secure every gadget with a strong, long, unique password during setup.
2. Wherever there is an option, enable 2FA for increased login security.
3. Visit only legitimate app stores when downloading apps on your device.
4. Never jailbreak devices as this can expose them to many security risks.
5. Make sure all software and operating systems are up to date and on the latest version. And enable automatic updates when possible.
6. Change device settings to prevent unauthorized pairing with other devices.
7. Disable remote management and Universal Plug and Play (UPnP) where available and make sure the device is registered and receiving updates.
8. Back up your device data in case of ransomware or other threats.
9. Keep all smart home devices on a separate Wi-Fi network so attackers can’t access your most sensitive information.
10. If possible, install security software on the device from a reputable vendor.
Let’s all have a safe and happy holiday season. And the next time you’re buying a gadget for a friend or relative, take a little extra time at the research stage to make sure it gets good ratings and reviews for security and privacy. This could save them a lot of time on Christmas Day and beyond.
BEFORE YOU LEAVE: Help! My child asked Santa for a smartphone