
Connected toys and wearables for Christmas? Could be a cyber security risk

ESET is warning consumers about connected gifts this Christmas season, as the popularity of devices such as wearables, connected toys and baby monitors continues to grow.

The cyber security specialists warn these types of devices can be easily hacked by e-criminals, or turned into a threat to consumers’ privacy.

ESET refers to a complaint that was lodged last week with the US Federal Trade Commission over internet-connected toys recording and transmitting kids' conversations in violation of privacy rules.

In the past few years, many baby monitors have also been reported as hacked, the latest one in the US with a hacker directly spying on and talking to the toddler through the monitor, ESET says.

Connected toys

According to ESET, on average, Australian households now have nine internet-connected devices.

“With the Christmas period coming up, more and more connected toys will be hitting retailers’ shelves, but parents should be questioning the security standards of these toys before making any purchasing decisions,” says Nick FitzGerald, senior research fellow at ESET.

FitzGerald says parents should go through the following steps before and after buying a connected toy:

“Firstly, consumers should understand that as long as a device can be connected to the web or other devices and isn’t secured, it can be accessed stealthily and used to a cybercriminal’s advantage,” he says.

“If parents understand those risks, but still want to go ahead, there are a few steps to optimising security levels.”

· Check the privacy policy of the gadgets - Is your and your children’s data protected when entering information? For example, devices asking for addresses, names, phone numbers, and details about the children’s life could also be available for hackers to access.

· Check if the model or other gadgets of the same brand have had previous security vulnerabilities or privacy risks by searching for the brand name and those terms. Does your family want to risk being spied on? If not, maybe this gadget isn’t worth it. Or, if it still seems desirable, perhaps there are configuration options you can change to make them more secure – just remember to make those changes before you connect it to your home network!

· If there are some requirements to being connected to the internet, double check your Wi-Fi connection is properly secured and install a strong password on the connected device if possible.

· Get a proper security solution for all your devices. Via toys and baby monitors, hackers can also try to access your personal data through mobiles and tablets.

· When not in use, turn the gadget off completely.

FitzGerald says several popular network-connected toys and baby monitors have already been shown to introduce major privacy or security risks.

“Further, these are not just from cheap, no-name manufacturers, so do the research rather than assume that because it’s a well-known brand it should be safe,” he explains.

“The most important thing here is for parents to understand the risks and then proceed with caution.”

Connected devices

“When consumers receive a wearable such as a fitness tracker or smartwatch for Christmas, they don’t always know the security policies of the relevant manufacturers, how to properly secure their devices, or how to control the amount of data they’re sharing with the rest of the world,” FitzGerald says.

“Some wearables use Bluetooth Low Energy, which transmits data but can also be intercepted by hackers – therefore potentially exposing a lot more information and fitness data from wearables than users would like,” he explains.

FitzGerald says scammers can also obtain compromised account credentials on the black market and then try username/password combinations on different systems to see if they work on a targeted website.

Additionally, if a wearable has to communicate with other systems in order to work, but those systems are not properly secured, FitzGerald says the security of the device itself might be an issue. 

“Although consumers have to admit there is an associated risk with using these kinds of devices, there are some cyber-hygiene rules to follow if they receive or offer such a gift for Christmas,” he says.

· If you offer a wearable for Christmas, Google the name of it combined with the word hack, fraud or scam. This will help you understand any previous problems and help you make a more informed purchasing decision.

· Once offered, set up your wearable and any associated online accounts with a unique username and password. These should be hard to guess – use passphrases instead of single words to optimise password security.

· Review the privacy policy of any device you receive for Christmas. This will indicate how serious the device company is about protecting your data.

“Finally, decide whether all functionalities or features of a device or app are worth using. If not, do not use features that present a high security risk,” FitzGerald adds. 
