
Connected toys and wearables for Christmas? Could be a cyber security risk

ESET is warning consumers about connected gifts this Christmas season, as the popularity of devices such as wearables, connected toys and baby monitors continues to grow.

The cyber security specialists warn these types of devices can be easily hacked by e-criminals, or turned into a threat to consumers’ privacy.

ESET refers to a complaint that was lodged last week with the US Federal Trade Commission over internet-connected toys recording and transmitting kids' conversations in violation of privacy rules.

In the past few years, many baby monitor hacks have also been reported, the latest one in the US with a hacker directly spying on and talking to the toddler through the monitor, ESET says.

Connected toys

According to ESET, on average, Australian households now have nine internet-connected devices.

“With the Christmas period coming up, more and more connected toys will be hitting retailers’ shelves, but parents should be questioning the security standards of these toys before making any purchasing decisions,” says Nick FitzGerald, senior research fellow at ESET.

FitzGerald says parents should go through the following steps before and after buying a connected toy:

“Firstly, consumers should understand that as long as a device can be connected to the web or other devices and isn’t secured, it can be accessed stealthily and used to a cybercriminal’s advantage,” he says.

“If parents understand those risks, but still want to go ahead, there are a few steps to optimising security levels.”

· Check the privacy policy of the gadgets - Is your and your children’s data protected when entering information? For example, devices asking for addresses, names, phone numbers, and details about the children’s life could also be available for hackers to access.

· Check if the model or other gadgets of the same brand have had previous security vulnerabilities or privacy risks by searching for the brand name and those terms. Does your family want to risk being spied on? If not, maybe this gadget isn’t worth it. Or, if it still seems desirable, perhaps there are configuration options you can change to make them more secure – just remember to make those changes before you connect it to your home network!

· If there are some requirements to being connected to the internet, double check your Wi-Fi connection is properly secured and install a strong password on the connected device if possible.

· Get a proper security solution for all your devices. Via toys and baby monitors, hackers can also try to access your personal data through mobiles and tablets.

· When not in use, turn the gadget off completely.

FitzGerald says several popular network-connected toys and baby monitors have already been shown to introduce major privacy or security risks.

“Further, these are not just from cheap, no-name manufacturers, so do the research rather than assume that because it’s a well-known brand it should be safe,” he explains.

“The most important thing here is for parents to understand the risks and then proceed with caution.”

Connected devices

“When consumers receive a wearable such as a fitness tracker or smartwatch for Christmas, they don’t always know the security policies of the relevant manufacturers, how to properly secure their devices, or how to control the amount of data they’re sharing with the rest of the world,” FitzGerald says.

“Some wearables use Bluetooth Low Energy, which transmits data but can also be intercepted by hackers – therefore potentially exposing a lot more information and fitness data from wearables than users would like,” he explains.

FitzGerald says scammers can also obtain compromised account credentials on the black market and then try username/password combinations on different systems to see if they work on a targeted website.

Additionally, if a wearable has to communicate with other systems in order to work, but those systems are not properly secured, FitzGerald says the security of the device itself might be an issue. 

“Although consumers have to admit there is an associated risk with using these kinds of devices, there are some cyber-hygiene rules to follow if they receive or offer such a gift for Christmas,” he says.

· If you offer a wearable for Christmas, Google the name of it combined with the word hack, fraud or scam. This will help you understand any previous problems and help you make a more informed purchasing decision.

· Once offered, set up your wearable and any associated online accounts with a unique username and password. These should be hard to guess – use passphrases instead of single words to optimise password security.

· Review the privacy policy of any device you receive for Christmas. This will indicate how serious the device company is about protecting your data.

“Finally, decide whether all functionalities or features of a device or app are worth using. If not, do not use features that present a high security risk,” FitzGerald adds. 
