Tech Gifts That Security Pros Will Probably Return
Insecure gifts that CISOs and other security pros are likely returning as we speak.
December 28, 2015
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt168f3ff9f362737e/64f0dbf5b8733411c7cd4dbc/returnablegiftscoverimage.jpeg?width=700&auto=webp&quality=80&disable=upscale)
This weekend, the holiday returns season went into full effect. While most normal people are kicking back and finding creative ways to lose the instruction manuals to their electronics gifts, the typical security pro is busy doing risk assessments on their gifts. Secure or insecure? With IoT gifts flying fast and furious over the holidays, cyber security insiders are probably going to be operating with a "catch-and-release" policy for many insecure devices gifted to them this year.
Because regular padlocks are just not insecure enough, this Christmas season brought a new set piece in the art of security theater with the introduction of a Bluetooth wireless electronic padlock. With more attack surface area than the continent of Asia, most security pros will find every excuse to ask for the receipt for this doozy.
Unless they're into vulnerability research. Then you'd better believe they'll keep the Bluetooth Padlock to put it through its paces.
The concept of Hello Barbie is creepy enough to the Average Joe. A toy that records a child's every utterance, ostensibly so that a back-end service can catalogue, store, and analyze it in order to respond in a realistic fashion. It's a privacy nightmare and a very hackable device at that. We're pretty sure Rod Serling covered this ground capably a generation ago--most of us don't want to have a go with a modern day reinterpretation.
Considering that the typical infosec pro is a good bit twitchier about privacy than the Average Joe, chances are high that any of them with kids probably didn't even let the cellophane hit the floor before swooping in to set this toy aside in the return pile.
Nothing says "steal me" more than a password notebook that is clearly labeled "My Web Password Journal." Unless meant to be used purely ironically or to write their passwords in some arcane cipher, chances are high that most cybersecurity professionals will send this one back to the store.
It's been over a year since security researcher Justin Holcomb showed off his proof-of-concept network-attached storage worm at Black Hat, but in his talk he claimed that NAS devices are more riddled with flaws than consumer routers.
This year saw several nasty zero-day vulnerabilities exposed on prominent consumer NAS devices--including one just this fall--and the likelihood is high that the hits will keep coming in 2016. So it's not surprising if many infosec pros see these devices as more of a liability than a shiny gift.
Do coolness and convenience win out over paranoia? It may be a toss-up for security professionals gifted Samsung smart TVs over the holidays. This year saw several important pieces of research focused on big holes in Samsung and LG smart televisions that could leave home and corporate networks alike open to compromise. Nevertheless, it may be worth the risk for some folks willing to keep up on updates and segregate their devices from other sensitive network assets.
Since the first sensational news in 2013 that an unidentified attacker broke into a family's network to shout obscenities at a 2-year-old through a wireless camera baby monitor, infosec pros have been nervy about these devices in the nursery. A report this fall by Rapid7 only bolsters those nerves, explaining how pervasive flaws are in these devices and pointing out how new parents are the most likely to work from home and store sensitive data on a network that will share connectivity with said monitors.
VTech has got some of the coolest electronic kids' toys on the market. But given the severity of the security vulnerabilities that led to the breach at the toymaker that was just disclosed a few weeks ago, many cybersecurity experts may give these toys a wide berth simply out of principle. On the plus side, the company does seem to be seeking to get its act together and has suspended the service that collected relevant information in order to secure it.