Could your Christmas gifts hack your home?

Sunday 17 December 2017

IT security experts are warning Christmas shoppers to be careful when buying internet-enabled toys and home appliances, due to the risk of them getting hacked.

Logicalis is warning Channel Islanders to check what security features are available when buying new products, and to change security settings of new devices before using them, or giving them to children.

Nearly a quarter of homes are believed to already have internet-enabled devices, and with IoT (Internet of Things) toys and appliances featuring on many Christmas lists, the number is set to grow.

Ricky Magalhaes, Head of Offshore Security (MSS), Logicalis, said: “IoT devices, such as home appliances and children’s toys are becoming increasingly popular and as we welcome more of them into our homes, we need to be aware of how to use them properly to ensure we don’t put ourselves, or our families at risk.

“Some devices have open security settings, which leave them open to being hacked – either over the internet, or by someone closer using Bluetooth. Hackers may access confidential data captured by the devices, and take control of them. For unsecured home appliances, this can lead to devices being used as part of Distributed Denial of Service (DDoS) attacks to take down major websites. For children’s toys with cameras or microphones this may lead to hackers spying on children and using the toys to talk to them.”

Earlier this year the FBI issued a consumer notice about concerns over privacy and safety with internet-enabled children’s toys. The Norwegian Consumer Council has also flagged up security issues with IoT wearables, including smart watches and trackers with GPS to show a child’s location. Issues included flaws which would allow unauthorised users to take control of apps, giving access to real time locations of device users, personal data, and allow them to contact the wearer.

Mr Magalhaes said: “Customers should check what sort of security an IoT device has before purchasing it, and ensure security settings are on, and passwords / PINS are changed, before the device is used, or given to a child. People should also check where the data collected by the device is stored, and who is given access to it.

“Once a toy is connected to the internet it should be treated with the same precautions as a computer – only going online when you know you’re using a secure wi-fi connection, patching and updating software to reduce risks of malware, and turning off appliances with microphones and cameras when not in use.”

A recent survey by Logicalis of top IT executives around the world found 69% of Channel Island Chief Information Officers surveyed believe their organisation will be affected by the Internet of Things within three years.