A hidden threat may be lurking under your Christmas tree this year. From fitness bands to digital photo frames, some seemingly innocuous presents may harbor flaws that can be exploited by hackers.
“Most likely, a hacker isn’t very interested in how long you’ve run or [in controlling] any appliances in your home,” says Ebba Blitz, president of security and encryption firm Alertsec. “However, anything that’s connected to the Internet could open up a potential backdoor to your laptop.”
Fortunately, there is no need to pitch all your new holiday goodies. Instead, Blitz and other security experts say consumers can protect themselves by taking a few simple precautions.
Manufacturers Skimping on Security Measures
Gary Davis, chief consumer security evangelist for Intel, says the problem lies largely with manufacturers who rush to get products on the shelves. “Most manufacturers are foregoing even the most basic of security controls,” he says.
What’s more, many of the coders who are developing these products have little to no security background. As a result, plenty of items hit the market with glaring vulnerabilities that are easy for hackers to identify and use.
Seven out of 10 Internet-enabled devices – such as TVs, home alarms and thermostats – contain security vulnerabilities, according to a 2014 study from computer manufacturer HP. In fact, the devices studied had an average of 25 vulnerabilities each, with problems ranging from data collection and password security, to failure to encrypt transmitted information.
How Hackers Exploit Holiday Gifts
Thieves use the vulnerabilities in these devices to gain access to your network and sensitive information on your computer.
Robert Siciliano, a security and identity theft expert and consultant, explains there are four ways hackers may use everything from smart watches to cameras to attack your system.
Malware on devices: “Any device that connects to your computer can potentially come with malware,” Siciliano says. Then, when you connect the device to your computer, the malware is automatically transferred.
Hacking wireless devices: Devices that connect to the Internet wirelessly may be vulnerable if information is not sent via a secured connection. Thieves can intercept the information and use it to break into your system.
Tapping into Bluetooth: As with wireless connections, hackers may be able to use a device’s Bluetooth technology to infiltrate a phone or network.
Holes in software: A device’s software or firmware – which are instructions programmed into the device – may have gaps that allow criminals to worm their way into a device.
“If you’re able to tunnel into my laptop or mobile devices, you have unfettered access to everything,” Davis says of the threat.
6 Ways to Protect Yourself from Security Threats
Experts say a few simple security steps go a long way to ensuring the safety and privacy of your data.
“Security companies are continuing to evolve and increase security measures across the board, but just as they evolve, so do cyber criminals,” says Paige Hanson, chief of identity education for the identity theft prevention and detection firm LifeLock. “It’s important for consumers to be aware of how they might be at risk and take preventative measures.”
Those preventive measure include the following:
1. Install anti-virus protection on your computer. An anti-virus program should automatically scan any device you connect to your computer for malware.
2. Use guest accounts and a firewall. “Set up guest accounts for connected things and use a router-based firewall,” Blitz says. Doing so ensures that even if a device is compromised, hackers will still be boxed out of your computer.
3. Set up accounts with strong passwords. Despite all that is known about secure passwords, Davis says plenty of people still use simple codes like “1234.” He says all accounts should be set up with a strong password with letters, numbers and symbols, and whenever possible, people should use a password manager to help them create and store hard-to-crack codes.
4. Wipe old devices before disposing or gifting. Hanson says hand-me-down cellphones and mobile devices are a popular gift during the holidays, especially for teens and tweens. However, too many people fail to wipe their data from the device first. That means that not only could the new owner access your information, but hackers could too if the device isn’t used securely.
5. Turn off Bluetooth. When you’re not using it, Siciliano says it’s a good idea to turn off the Bluetooth on your devices.
6. Install device updates right away. Since devices are often rushed to the market, vulnerabilities may not be discovered until later. At that point, a manufacturer may issue a software or firmware update to correct the problem. Consumers should search for updates to any device they receive and install it immediately. “Nine out of 10 times, it will be a security patch,” Davis says.
“Working in cybersecurity certainly creates a bit of a paranoia,” Blitz says. “In my view, we can’t be too safe. Any gadgets can create backdoors.”
That means even your child’s Wi-Fi-enabled teddy bear could be an unwitting accomplice to a hacker. However, don’t feel like you need to send the toy to the trash heap. Following a few, simple safety steps can go a long way toward ensuring teddy will be your child’s favorite plaything and not a hacker’s best friend.