With Christmas just around the corner, retail activity is set to increase as shoppers hunt for the best last minute stocking fillers.
Unfortunately, with the gift of (IoT) giving, comes the threat of cyber attacks. Gift givers and recipients need to understand the potential security risks connected devices pose and how they can protect themselves.
“This year, Christmas gifts will be connected more than ever before, often requiring always-on connections to servers and our personal information. Whilst IoT devices make great gifts, with recent attacks such as Mirai, which enslaved more than an estimated two million IoT devices, it is important for consumers to understand the real risks involved, and how to protect their privacy and personal data,” said Nick FitzGerald, Senior Research Fellow, ESET.
Here are 12 ways to stay cyber safe this Christmas
- Be wary of connected children’s toys: Children’s toys are becoming increasingly high-tech, often integrating with apps and allowing connection via Bluetooth. If vulnerable, internet-connected toys can be exploited to reveal whatever data they record or collect.
- Think twice about toys that collect GPS data: GPS data in toys can be used to pinpoint the location of children. There have already been several high-profile reports of smart toy vulnerabilities including ‘smart teddy bears’ being hacked and weaponised.
- Use parental controls: When shopping for children’s toys, ensure you know what data is being transmitted, whether there are parental controls in place and how services handle the data in secure and privacy-respecting ways.
- Prepare for 24/7 listening: Many home assistants are designed to be on and listening 24/7, with always-on microphones that listen for specific catchphrases to activate. There have already been reports of hackers finding ways to take control of these devices, effectively turning them into wiretaps, potentially exposing your most private conversations.
- Mute home assistants: Users can manually mute their home assistant when not in use and should review the permissions settings on the manufactures website.
- Know what you’re sharing: Avoid using home assistants to access services that may contain sensitive data, such as banking details, and erase old recordings if possible.
- Remember gaming consoles can be hacked: Gaming consoles manufacturers typically prompt gamers to create an account to play online and purchase extra content. These accounts often contain personal details, as well as stored payment information such as a credit cards for purchases. This information has proved to be very desirable for hackers and, at least sometimes, less secure than expected.
- Go pre-paid: Gamers can protect their payment information by purchasing a pre-paid account top-up card from a newsagent or supermarket, instead of using a credit card, or use a prepaid credit card and maintain only a small balance.
- Do your research: If you are considering purchasing a ‘smart’ or ‘connected’ toy or device for any of the children on your shopping list, ESET recommends that you use your favourite search engine and run four searches:
- Toy name security vulnerability
- Toy brand name security vulnerability
- Toy brand name privacy breach
- Toy brand name data leak
- Watch for the signs: When you are ordering gifts online, check to see if ‘https’ is included in front of the web address or that a padlock symbol is displayed by the site’s address in the browser to ensure your details are encrypted during checkout.
- Prepare for the worst: Consider using a credit card instead of a debit card as you may find it easier to get your money back from a credit card if you are scammed with bogus charges.
- Update your PIN: Change your PIN if you have been using the same one for a long time.
For more tips on IoT safety, visit WeLiveSecurity blog.