8 Most Hackable Holiday Gifts, 2016 Edition
You better watch out! Otherwise, you may be giving the gift of malware or unauthorized access to networks and devices.
December 14, 2016
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt711315eb6ea43ae9/64f0d9313bf7100ad05dfb70/01-red-gifts.jpg?width=700&auto=webp&quality=80&disable=upscale)
Here we are with the end-of-year holidays upon us, and so much pressure to give, give, give. But before you go and click your way across Amazon or BestBuy.com, think for just a minute: Would Oprah give away cars without locks or airbags? No, she would not and neither should you, especially if you're planning to buy technology for everyone on your list.
And that's where things can start to get a little fraught. Of course we all want to give a cool, useful, desired, connected gift, without exposing the recipient to malware, default passcode vulnerabilities or worse. Regardless of your creed or traditions, ransomware makes a crap gift.
So we've put together this helpful list to help you avoid the common pitfalls with technology gifts or holiday staples that find themselves networked with IP addresses and wireless connectivity.
What items did we miss on our list? Be one of Santa's virtual helpers and tell us in the comments. In the meantime, shop til you drop and save those receipts.
That distributed denial-of-service attack that brought Dyn to its knees in October used infected devices attached to the Internet of Things (aka zombies) to do its dirty work. And there have been other proofs of concept for compromising IoT-attached devices.
So if you're giving devices like DVRs, video cameras (which were used in the Dyn attack), media players, streaming sticks or gaming consoles, it's important to make sure you've got the newest firmware for the device, according to Ruston Miles, chief innovation officer at Bluefin Payment Systems. "It's a good idea to get the latest software update after unwrapping Santa's gifts in case any elves have messed with them," he adds.
Because nothing spoils the holidays like a zombie.
Gift cards have well-known vulnerabilities, as do credit or debit cards, even those with the new EMV chips that are supposed to reduce fraud. But if an unsuspecting merchant's point-of-sale terminal is infected with the right malware, hackers can easily steal the card number data, chipped or not, according to Ruston Miles, chief innovation officer at Bluefin Payment Systems.
Merchants should enable hardware-encryption like Point-to-Point Encryption (P2PE) on their card readers, he advises, which would give users the POS security equivalent of that green lock on their Web browser. "Consumers can ask their favorite merchants to upgrade their readers to support this important security feature," Miles adds.
The drone market is expected to top $21 billion in the next five years, driven by commercial users like film and video crews; Amazon's holding tightly to its dream of drone deliveries as well. In the meantime, hobbyists will pick up the slack and fly the devices through cityscapes and out in nature. And even as the FAA continues to fine-tune rules of operation, it's clear drones will be a popular gift this holiday season.
But Intel Security warns that not properly securing the device could allow hackers to disrupt the GPS signal or hijack the drone through its smartphone app. "Drones are the devices that consumers are least likely to think about security," says Gary Davis, chief consumer security evangelist of Intel Security. "They get the device, unpack it and start using it without any thought of security," he tells Dark Reading.
Looks like Santa better pack the automated software patching kits this year.
Results from an Intel Security survey revealed that more than half - 52% - of consumers plan to buy either a smartphone or a tablet computer this holiday season. Just like PCs and laptops, malware could result in loss of personal and financial information, or worse.
Both smartphones and tablets also tend to do double-duty for consumers, mixing business and personal information in one dense form-factor. In addition to all the usual precautions with changing default passwords and updating firmware, smartphone and tablet users should also consider some sort of tracking software that allows them to locate their device in the event of loss or theft. They may even want to consider a "kill switch," software that scrambles the stored data and makes the device inoperable, depending on the value or sensitivity of its contents.
The new breed of smart home devices and apps give users more control of their homes and appliances from their smartphones or tablets. But as attacks and proofs-of-concept start to accumulate around devices attached to the Internet of Things, it's only a matter of time before the next big attack that uses the IoT as its launchpad. Hackers have already demonstrated techniques that could be used to compromise Bluetooth-powered door locks and other IP-enabled home devices.
Gary Davis, chief consumer security evangelist at Intel Security, believes consumers can make a big difference here by doing their homework. "Some companies have been notorious with their security vulnerabilities, like with cameras. Is that model repeatedly in the news for exploited vulnerabilities or attacks?" he asks. A little research will reduce the likelihood, if not the severity, of a future attack.
Some final, unsolicited holiday advice: Unplug from the Interwebs. Go for a walk, weather permitting. Practice authentic curiosity with a family member. And have a bright holiday season and an excellent new year!
The new breed of smart home devices and apps give users more control of their homes and appliances from their smartphones or tablets. But as attacks and proofs-of-concept start to accumulate around devices attached to the Internet of Things, it's only a matter of time before the next big attack that uses the IoT as its launchpad. Hackers have already demonstrated techniques that could be used to compromise Bluetooth-powered door locks and other IP-enabled home devices.
Gary Davis, chief consumer security evangelist at Intel Security, believes consumers can make a big difference here by doing their homework. "Some companies have been notorious with their security vulnerabilities, like with cameras. Is that model repeatedly in the news for exploited vulnerabilities or attacks?" he asks. A little research will reduce the likelihood, if not the severity, of a future attack.
Some final, unsolicited holiday advice: Unplug from the Interwebs. Go for a walk, weather permitting. Practice authentic curiosity with a family member. And have a bright holiday season and an excellent new year!
Here we are with the end-of-year holidays upon us, and so much pressure to give, give, give. But before you go and click your way across Amazon or BestBuy.com, think for just a minute: Would Oprah give away cars without locks or airbags? No, she would not and neither should you, especially if you're planning to buy technology for everyone on your list.
And that's where things can start to get a little fraught. Of course we all want to give a cool, useful, desired, connected gift, without exposing the recipient to malware, default passcode vulnerabilities or worse. Regardless of your creed or traditions, ransomware makes a crap gift.
So we've put together this helpful list to help you avoid the common pitfalls with technology gifts or holiday staples that find themselves networked with IP addresses and wireless connectivity.
What items did we miss on our list? Be one of Santa's virtual helpers and tell us in the comments. In the meantime, shop til you drop and save those receipts.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024