Connected Gifts Can Bring Unwanted "Guests"

Understanding Privacy Protection and the Risks of IoT Gifts

“Suzie wants a Fitbit watch, Johnny wants a drone.
Daddy wants an Echo Show to manage our whole home.
With all of these connected gifts, we shouldn’t have a care.
Except for hackers, ID thieves, and a whole host of malware.”
(Sung to the tune of Jolly Old Saint Nicholas) ​

It’s officially here, the season of giving, and what’s on the top of many people’s lists? Not privacy protection. Most likely it’s some type of Internet-connected gadget. According to the experts, the hot gifts this year will include voice-controlled smart home devices, doorbell cameras, air quality monitors, smart wall plugs, smart locks, smart light switches, and drones, drones, drones. (There’s even a Star Wars-themed drone for all you “Rebels” out there). It would be wonderful if all this connection and convenience would bring you nothing but comfort and joy, but the truth is, you should choose wisely, or these gifts may turn into a stocking full of coal and invite unwanted “guests” into your home or your life.​

These smart devices have become so intertwined with our lives, you would think they would be designed with security in mind. But unfortunately, that isn’t the case—and it shows. In 2016, a botnet called Mirai hijacked the computing power of over 100,000 IoT devices and used it to bring down huge websites, including Twitter, Netflix, Amazon, and CNN. A recent study found numerous IoT security and privacy risks with these devices, including a talking dinosaur toy that stored conversations in the cloud, making it easy for a predator to hack one and use it to talk to the child. Another study at Princeton University found that many of these devices lack even basic security, making it easy for hackers to steal personal data, use them to spy on consumers, or cause harm by taking control of the equipment itself. (Think fire-starting smart crockpots and crashing drones.)​

So, what’s a smart holiday shopper to do? Well, you can’t keep these gadgets off the Internet, because that’s what makes them smart devices in the first place. But before you buy one for yourself or someone else, ask the following questions:​

• Can it be used to spy on you via a microphone or camera? Are there security settings to stop that?
• Does it store your personal data in the cloud? How is your data protected? Can you control what is recorded or stored?
• Can you reset the factory password or choose stronger encryption for data transmission?
• Are there security updates for it, and are they installed automatically?

The fact is that, for now, most smart gadgets are going to be both naughty and nice, so the best you can do is to buy them from manufacturers who provide the best security (here’s a great security rating list from researchers at Georgia Tech); use unique, strong passwords for each item; and always keep software and firmware updated. ​

But if we’re making holiday wishes, here’s what would be really nice: if the government and/or industry would set standards to keep IoT devices secure. By 2022, there are predicted to be 28.5 billion devices on the Internet. In North America alone, there will be 13.4 devices per person. So, let’s hope the busy elves in tech land take notice and start making devices that will protect our privacy. In the meantime, since we can’t avoid all the risks of our super-connected lives, an identity protection plan such as MyIDCare also makes a very thoughtful gift! ​