With the holidays come electronic gifts but they’re not always the ones you asked for or, as a consumer, are even prepared for. And that includes ones we buy ourselves. What do we mean by this? Many new electronic gadgets are internet connected and they spend a surprising amount of time phoning home, to third-parties, and unfortunately sometimes to who knows where. Not too long ago many equated the Android App world with the Wild West compared to Apple’s locked down, relatively secure ecosystem. Today, Android has worked hard to tighten their own code and vet new entries to the Play Store, assisted by third-party scanning apps to reveal and root out programs with suspicious behavior. With the smart phone world largely locked down barring older un-patchable android sets, other smart devices that lack regular software updates and patching have become the new easy target. Internet-connected refrigerators which track inventory, order your food, and even suggest recipes are some of the newest members of the internet neighborhood. Add to them virtual assistants from Apple, Google, Amazon, and even your cable TV provider which act upon your voice commands, and we have a complicated mix of hardware, applications, and sensors making episodes of The Jetsons look downright quaint. George Jetson was never prevented from opening his fridge due to ransomware, “pay 1 bitcoin or your fridge will stay locked and we will destroy the compressor.” Yikes!
Sadly, we are not immune to cybertheft and hacking here in the Sarasota-Bradenton area. Any internet connected device has the potential to be vulnerable to cybercriminals as evidenced by the recent IoT device DOS attack which included CCTV video cameras and digital video recorders, all of which attacked internet name servers disrupting service to Twitter and many other sites. Without proper security precautions, there is not only a high probability that your new toy, gadget, video streamer, or network appliance attached to your home or business network will have a vulnerability, but you might even be deemed negligent for plugging one in without the proper precautions. So, how do you know that devices on your network are susceptible to attack? There is no definitive list of every device with a backdoor (they’re coming out too fast and often from unregulated factories in China), but we do know the ones with the highest probability and it is well worth your time to check your new purchases and gifts against the much lauded McAfee Most Hackable Holiday Gifts list.
The 2016 version of the McAfee Most Hackable Holiday Gifts list rates the following as their top 5 most vulnerable:
- Laptops & PCs.
- Smartphones & Tablets.
- Media Players & Streaming Sticks.
- Smart Home Automation Devices & Apps.
UPDATE: The 2017 McAfee Most Hackable Holiday Gifts list is as follows:
- Digital Assistants.
- Connected Toys.
- Connected Appliances.
While most users know their older tech devices like computers and phones have security vulnerabilities cybercriminals could exploit, many assume the new devices that are members of this list come locked down. That might be true, but only for a few months until trial software expires and exploits and workarounds have your home joining a botnet that targets the internet’s infrastructure! This means that you must take precautions in locking down your environment and devices if they fall under this scope.
Here are a few simple steps you can take to enhance your cybersecurity measures that cover a wide array of electronics:
- Change any and all default passwords and use long phrases or mixed characters. There are websites which provide the default username and password combinations for a ton of products making it easy for even a pre-teen to hack your security if left unchanged.
- Disable anonymous and guest access accounts unless you absolutely need them.
- Update the firmware and/or BIOS for new electronics. Your new gadget may have been manufactured months ago before all the bugs and vulnerabilities were worked out.
- Shut your devices off when not in use because no one can access what isn’t there.
- If you have a wireless network, use the strongest encryption your devices can handle.
Overwhelmed? Tech MacGyver provides security assessments and services and for your business and home office. You can also work with your IT Department, improve your cybersecurity skills, or contract with other outside help, but whatever you do, lock it down and protect your assets, businesses, and homes.