Tablets, computers, smart home devices and hundreds of other web connected devices will be wrapped and tucked under the tree this holiday season.
But what you might not realize is that new gadget can pose a security risk — not only to your personal data, but to the infrastructure of the internet as a whole.
According to a new survey by Intel Security, 89 per cent of Canadians start using a connected device immediately after receiving it, but only 44 per cent of those people take the proper security measures secure it.
READ MORE: Connected ‘things’ face hacking on Internet
But what’s more concerning is while 80 per cent of Canadian consumers agree it’s important to secure their personal data online, nearly half (48 per cent) aren’t sure they are taking the right security steps.
“Consumers are often eager to use their new gadget as soon as they get it and forgo ensuring that their device is properly secured,” said Gary Davis, chief consumer security evangelist at Intel Security.
“Cybercriminals could use this lack of attention as an inroad to gather personal consumer data, exposing consumers to malware or identity theft or even use unsecured devices to launch DDoS attacks as in the recent Dyn attack.”
READ MORE: Dyn DDoS attack – How hackers may have hijacked your PVR to cripple the internet
What many may not realize is unprotected “smart” devices are often hijacked by hackers to commit distributed denial-of-service (DDoS) attacks, like the attack Davis mentioned.
In October, Domain Name Server (DNS) provider Dyn was targeted with a large-scale DDoS attack, knocking its systems offline and causing widespread outages for websites including Twitter, Netflix, Amazon, Spotify and Airbnb.
DDoS attacks are often used by hacker groups to bring down websites by flooding the site with requests until its servers crash.
The attack — which is being investigated by the FBI and the U.S. Department of Homeland Security — was orchestrated by using malware to infect “smart” devices connected to the so-called Internet of Things.
That means your Wi-Fi connected coffee machine or baby monitor could be used as a “cyber weapon” by hackers.
READ MORE: What you need to know about webcam hacking and how to prevent it
Hackers target these devices by using a piece of computer code that searches for internet-connected devices that use the manufacturer’s default setting. In other words, if you have never changed the password on your gadget, you may be targeted.
While most consumers may not feel too concerned about their smart devices being used in a plot to take down a domain name server, it’s important to note that these same lax security measures have allowed hackers to intercept the feed of baby monitors and web cams.
As you might recall, in 2015 a southwestern Ontario family called police after their baby monitor suddenly began playing music and a voice said they were being watched while one of the parents was rocking the young child to sleep in the nursery. There was also an infamous website were hackers would intercept people’s webcam feeds, watch and toy with users they referred to as their “slaves.”
More alarmingly, children’s Wi-Fi enabled toys are also at risk. According to Intel Security’s survey, 15 per cent of Canadians lacked awareness about the potential hacking risks of children’s toys.
How to protect and secure your cool new gadget
Should you unwrap a shiny new smart device this holiday season, take the following steps to protect yourself:
For computers, tablets and smartphones, considering installing anti-virus or anti-malware software. Make sure the software is up to date and that you are using the latest operating system available on your device to ensure you have the best security possible.
Experts also recommend using a secure Wi-Fi connection, which means ensuring you have a strong password on your home network and you are cautious when using public Wi-Fi networks, which are known for having notoriously bad security.
Intel Security recommends that you come up with a secure, unique password for all of your devices and, if possible, use any biometric security features on your device (such as a fingerprint scanner).
However, some security experts have raised concerns that some smart devices, like home security equipment, make it hard for the average consumer to figure out how to change password information.
“The issue with these particular devices is that a user cannot feasibly change this password,” Flashpoint security expert Zach Wikholm told KrebsOnSecurity. “The password is hardcoded into the firmware, and the tools necessary to disable it are not present.”
One thing you can do is change the password on your home router in order to better protect the devices using your home Wi-Fi connection.
You should also make sure your router has the latest firmware update installed — you can check for any updates by going to the manufacturer’s website (Nexus, D-Link, etc) and check for any available downloads.
Comments