Avoid Attacks: Protecting Hackable IoT Holiday Gifts

Create: 11/30/2016 - 12:00

Streaming sticks, drones and smart home IoT devices all made the McAfee Most Hackable Holiday Gift list of devices that can compromise security if left unprotected.

The odds are high that all kinds of IoT devices will be wrapped up and handed out this holiday season. One list solution providers should check twice before buying anything for the home or office is this one: the second annual McAfee Most Hackable Holiday Gift list, which includes several types of network-ready IoT devices.

Before compiling the Most Hackable Gift list, Intel Security with its McAfee product line enlisted OnePoll to conduct a survey of what types of technology the average consumer plans to purchase and what they know about securing these new devices. According to the survey, consumers plan to buy all types of Internet-connected devices, including smartphones and tablets, smart home automation devices and apps, laptops and PCs, security camera and drones, and streaming sticks and media players.

The survey also revealed a big challenge that users have from the time these technology gifts are unwrapped: how can they be secured? While a majority of consumers are aware of the vulnerabilities in older connected devices such as laptops (76 percent), mobile phones (70 percent) and tablets (69 percent), they know less about IoT device security.

The survey notes that the average buyer lacks awareness about the potential risks associated with emerging connected devices, including drones (20 percent), children’s toys (15 percent), virtual reality technology (15 percent) and pet gifts (11 percent).

Mitigating Risks for IoT Devices

In the IoT department, smart home automation devices such as locks, climate control and cameras made the list of most hackable gifts. The anxious enthusiasm to start using the devices can lead to security issues. Almost 79 percent of those surveyed said they connect the devices immediately, within the first day of receiving it. And only 42 percent said they take the proper security measures to protect these devices.

“Unsurprisingly, connected devices remain high on holiday wish lists this year. What is alarming is that consumers remain unaware of what behaviors pose a security risk when it comes to new devices,” said Gary Davis, chief consumer security evangelist, Intel Security, in a recent Intel Security statement.

Intel notes that cybercriminals could use this lack of attention to security to gather users’ personal data, exposing buyers to malware and identity theft. Hackers could also use unsecured IoT devices to launch distributed denial of service (DDoS) attacks. For example, the recent DDoS attack was carried out by a botnet made up of unsecured webcams and other IoT devices and crippled many popular websites connected to the Dyn domain. Intel notes that anyone installing and using IoT devices understand they can help fight these attacks by ensuring their devices are updated and patched, which helps mitigate risks from the latest threats.

Camera Captures and Drone Jackings

Intel also notes that an IoT security camera can become infected with malware as quick as 98 seconds after being connected online. If solution providers are setting up a fleet of cameras, Intel security experts note that changing the default password is always a recommended first step. However, doing so doesn’t necessarily protect a smart device from becoming infected by the Mirai malware. Solution providers should stay educated on this malware, which turns systems running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks.

Intel Security for safe holiday
Photo credit: Twitter @IntelSecurity #safeholiday

Drones are another hot item on the Christmas list for 2016 that made the Most Hackable lineup. Intel Security notes that drone sales are expected to grow to $20 billion by 2022, propelled by their ability to provide overhead perspectives for shooting video and photographs. Intel warns that not properly securing drones could allow hackers to disrupt the GPS signal or hijack the drone through its smartphone app.

Be Security Aware

Intel Security recommends that buyers and solution providers providing installation and management of IoT devices and networks stay wise about securing and using these popular new IoT devices. The suggestions include:

  • Secure each device. The device is the key to controlling personal information. Make sure you have comprehensive security software installed, such as McAfee LiveSafe™.
  • Only use secure Wi-Fi networks. Using IoT devices, such as smart home applications on public Wi-Fi could leave the home or office open to risk.
  • Keep software up-to-date. Apply patches as they are released from the manufacturer. Install manufacturer updates right away to ensure that the device is protected from the latest known threats.
  • Use a strong password or PIN if available for the apps and devices. If the device supports it, use multi-factor authentication (MFA), as it can include factors like a trusted device, face recognition or fingerprint to make the login more secure. For devices such as drones, using a complex password at least eight characters long with random numbers, letters and symbols is necessary for safe operation.
  • Check before you click. Be suspicious of links from people you do not know, and always use Internet security software to stay protected. Hover over the link to find a full URL of the link’s destination in the lower corner of the browser.

See the full analysis from Intel Security of the McAfee Most Hackable Holiday Gift list. Follow @IntelSecurity on Twitter for live online safety updates and tips, and use hashtag #safeholiday to discuss the Most Hackable Gifts of 2016.

About Author

Patricia Schnaidt's picture
Patricia Schnaidt
Patricia Schnaidt is an expert business technology writer. She has held top publishing and editorial positions at InternetWeek, Network Computing, Windows Magazine and LAN Magazine. Schnaidt has written countless articles, lectured extensively, and authored "Enterprise-wide Networking" (Prentice-Hall). She holds a B.A. in Computer Science from Columbia College, Columbia University.

Latest Videos