You better watch out! Otherwise, you may be giving the gift of malware or unauthorized access to networks and devices.
Like Lambs Before Lions
Giving (or getting) a new computer for the holidays? Make sure you or your recipient resolve to change any default passwords right away, stay up to date with software patches, and use a good VPN client, especially when attached to public Wi-Fi, recommends Gary Davis, chief consumer security evangelist at Intel Security. Malicious apps that target computers fresh out of the box are all too common, and aren’t just limited to Windows-based devices.
Don’t click the “Ask me later” balloon during setup – activate the security features as quickly as possible, Davis adds.
Video Gear And The Internet Of Things
That distributed denial-of-service attack that brought Dyn to its knees in October used infected devices attached to the Internet of Things (aka zombies) to do its dirty work. And there have been other proofs of concept for compromising IoT-attached devices.
So if you’re giving devices like DVRs, video cameras (which were used in the Dyn attack), media players, streaming sticks or gaming consoles, it’s important to make sure you’ve got the newest firmware for the device, according to Ruston Miles, chief innovation officer at Bluefin Payment Systems. “It’s a good idea to get the latest software update after unwrapping Santa’s gifts in case any elves have messed with them,” he adds.
Because nothing spoils the holidays like a zombie.
That’s Not The Kind of Card Swiping We Meant
Gift cards have well-known vulnerabilities, as do credit or debit cards, even those with the new EMV chips that are supposed to reduce fraud. But if an unsuspecting merchant’s point-of-sale terminal is infected with the right malware, hackers can easily steal the card number data, chipped or not, according to Ruston Miles, chief innovation officer at Bluefin Payment Systems.
Merchants should enable hardware encryption such as Point-to-Point Encryption (P2PE) on their card readers, he advises, which would give users the POS security equivalent of that green lock on their Web browser. “Consumers can ask their favorite merchants to upgrade their readers to support this important security feature,” Miles adds.
Activating the wireless interface – and downloading the special app – seems like such a great idea for that holiday accessory or toy. Connect the yard display to Wi-Fi and control it from your smartphone! Run the toy train around those curves with your iPad!
Easy there, Casey Jones.
Security vulnerabilities during the holidays aren’t just limited to smartphones and laptops, points out Gary Davis, chief consumer security evangelist at Intel Security. He tells Dark Reading he bought some Wi-Fi connected lights at Home Depot last year and the first thing he did was change their password. And if he had to do it all over again, he’d buy a little differently. The lights had both Wi-Fi and Bluetooth options, he says. “I prefer Bluetooth just because the closer proximity of the signal makes it more challenging,” Davis adds.
My Friend Cayla, for example, uses Bluetooth and three AA batteries, and doesn’t need the Internet to work. Unless you want to use some of her advanced features (games and photo sharing).
It’s like something out of the E-Nutcracker.
Wearing Your Vulnerability
As holiday gifts go, wearables – everything from clothing to watches, glasses, shoes and other accessories – can be great stocking stuffers, especially for the fitness freak or the wellness-oriented. Unfortunately, because wearables are generally networked (Wi-Fi and/or Bluetooth) and typically come with an app, they are also vulnerable to hacking, malware, and data theft, according to John Pironti.
At the risk of being a broken record, change the default passwords in wearable devices and make sure you have the latest version of the app.
The drone market is expected to top $21 billion in the next five years, driven by commercial users like film and video crews; Amazon’s holding tightly to its dream of drone deliveries as well. In the meantime, hobbyists will pick up the slack and fly the devices through cityscapes and out in nature. And even as the FAA continues to fine-tune rules of operation, it’s clear drones will be a popular gift this holiday season.
But Intel Security warns that not properly securing the device could allow hackers to disrupt the GPS signal or hijack the drone through its smartphone app. “Drones are the devices that consumers are least likely to think about security,” says Gary Davis. “They get the device, unpack it and start using it without any thought of security,” he tells Dark Reading.
Looks like Santa better pack the automated software patching kits this year.
Locking Down Smartphones, Tablets
Results from a security survey revealed that more than half – 52% – of consumers plan to buy either a smartphone or a tablet computer this holiday season. Just like PCs and laptops, malware could result in loss of personal and financial information, or worse.
Both smartphones and tablets also tend to do double-duty for consumers, mixing business and personal information in one dense form factor. In addition to all the usual precautions with changing default passwords and updating firmware, smartphone and tablet users should also consider some sort of tracking software that allows them to locate their device in the event of loss or theft. They may even want to consider a “kill switch,” software that scrambles the stored data and makes the device inoperable, depending on the value or sensitivity of its contents.
Your Thermostat’s Coming For You
The new breed of smart home devices and apps gives users more control of their homes and appliances from their smartphones or tablets. But as attacks and proofs-of-concept start to accumulate around devices attached to the Internet of Things, it’s only a matter of time before the next big attack that uses the IoT as its launchpad. Hackers have already demonstrated techniques that could be used to compromise Bluetooth-powered door locks and other IP-enabled home devices.
Gary Davis believes consumers can make a big difference here by doing their homework. “Some companies have been notorious with their security vulnerabilities, like with cameras. Is that model repeatedly in the news for exploited vulnerabilities or attacks?” he asks. A little research will reduce the likelihood, if not the severity, of a future attack.
Some final, unsolicited holiday advice: Unplug from the Interwebs. Go for a walk, weather permitting. Practice authentic curiosity with a family member. And have a bright holiday season and an excellent new year!