By Reason Cybersecurity
on Mon Dec 11 2017
As the holidays draw closer, chances are you’re busy making your gift list and checking it twice. And let’s face the facts, nowadays just about everybody on your list wants something tech-based. Sure, you may be able to get away with giving Grandma Sadie one of those gourmet William Sonoma Olive Crates, but for pretty much everybody else, you can be sure they want something tech-related.
Well, lucky for you, there is simply no end to the tech-related gear that’s oozing out of every retailer from Amazon to Walmart. But less lucky is that you guessed it, a whole lot of these gifts come with more than you bargained for. This holiday season presents buyers with lots of ways to jeopardize privacy and security. While it’s no secret by now that IoT gadgets and doo-dads can be easily hacked, even non-gadgety swag can be perilous too and you may not even realize it. To help you navigate the tech-gift scene and hopefully stay secure this year, here is our guide to what NOT to buy for the holidays.
For this list, we’re excluding laptops, tablets and smartphones because we sure hope you know by now how ridiculously vulnerable those items are, no reminders needed there. Everything else is fair game — and if you do choose to plunk down your cash on one of these babies, don’t say we didn’t warn you.
Drones: A fan favorite of preteens and wannabe pilots, drones sales tend to spike around the holidays. That means there’s a pretty decent chance that this item is already high on your “to-buy” list. While you don’t want to break anybody’s heart here, consider this: All the way back at the beginning of the year, FTC researchers demonstrated how they could easily hack commonly sold commercial drones. Not only were they able to control the video feed, but they also manipulated flight paths and made them fall to the ground. And according to ReCode, the smartphone apps connected to the drones never gave any indication of being compromised. And now, reports are surfacing that the China-based drone manufacturer DJI has been pumping out models that have been spying on the US on behalf of the Chinese government. So the smartest thing to do here is research any drone you’re considering — before you promise it to your favorite niece or nephew.
IoT stuffed animals: Sure, it may seem like a stuffed puppy that can sing lullabies to your two-year-old would be a winner of a gift. But at the end of 2016, IoT toy manufacturer Spiral Toys disclosed that they had fallen prey to a breach of their database, exposing the data of a large portion of customers. Bad enough, right? Wait, there’s more; just a few months later in 2017, researchers discovered a flaw that left puppy and his pals themselves wide open to attack. An attacker within a ten-meter range could turn the playthings into surveillance devices via a simple Bluetooth hack. That turns out to be a pretty scary plaything if you ask us. Our advice? Stick with a plain ‘ol stuffed animal.
Bitcoins: It would seem to make a lot of sense to consider investing in this cryptocurrency to help pay for the rest of the swag you’ll be buying this season. But before you go and exchange your life savings for one BTC (before the $15,000 bubble bursts, thank you), bear in mind that unlike fiat (traditional, government and regulation backed) currency, bitcoins, as well as other cryptocurrencies can be hacked, leaving you without a whole lot to show for your investment. Aside from all the questions surrounding the legality/legitimacy/good-idea-or-notness of the cryptocurrency, just last week the crypto mining service NiceHash, based in Slovenia, lost $70 million in BTC and was forced to shut down operations for at least one day. And back in 2014, the bitcoin exchange Mt Gox lost $450 million. So while it’s true that the whole bitcoin gold rush is enticing, you might want to put your pennies into an investment plan that’s a bit more of a sure deal.
Family-friendly robots: Remember Rosie from “The Jetsons”? She could clean whole apartments with a mere flick of her duster. Well, today you can buy The Alpha 2, marketed by its manufacturer, UBTech, as “The humanoid robot for all the family” and “The robot with social skills”. The Alpha 2 can take pictures, teach your kids foreign languages and even do yoga. On the downside, these cute little guys can be turned into surveillance bots for spying and even more shocking, they can be weaponized to become attack bots — and have actually hurt people. Another flaw — apparently, captured data isn’t encrypted before it is stored, leaving that data wide open to be stolen by hackers. They also start at $1300 so…. we suggest going in a less pricy, safer direction.
Amazon Key: Okay, we know you adore Amazon Prime and would do just about anything to make sure none of your precious goodies get stolen or rain-soaked while waiting outside your door. But would you do anything? How about letting some guys who work for Big A come into your home unannounced? Well, Amazon is now in the business of convincing you that you need to do just that. With the Amazon Key, a smart door lock armed with a door camera, the delivery person and people back at Amazon coordinate package drop-offs. When the delivery person tells Amazon that he/she is at your door, the people back at the center unlock your door via the app. This allows the delivery guy or gal to let themselves into your home to drop off said goodies. Creepy, right? But wait, the creepy doesn’t stop there! Using just one simple Wi-if command, researchers at security firm Rhino Security Labs were able to disable cameras, making it seem as if the door was still closed, even when it was being breached, which masks anyone breaking and entering. So save yourself, or your Prime aficionado, the $250 and go back to the neanderthals package-tracking methods of yesteryear.
By now you’re probably thinking that just about everything tech-based is hackable — and you’re right. It’s an inevitability of our hyper-connected world, and if tech-based gifts are what you’re after, there’s no escaping it. Maybe instead, forgo the techy toys and spend your cash on a homemade dinner for your loved ones. Or on a big papier-mache Minion. Or — a real puppy. Anyway, that’s probably what everyone on your list wanted to begin with. Just a suggestion, give your new pup a thorough “once-over” to make sure it hasn’t been hacked or weaponized – because today, you can never be too sure.