The season for giving comes with a security hangover.
The holidays have come and gone in a whirlwind of family, friends and celebration. Even though the tinsel is put away and the tree has been taken down, the season of giving still can leave a new kind of hangover in the most innocuous places – the gifts themselves.
There are many primers out there to walk consumers through basic steps to protect their new digital devices from hackers. As more of our every day devices have wired technology built in, securing them from outside tampering becomes another part of unwrapping and setup. Steps like replacing default passwords and being aware that even devices that seem like they wouldn’t have much to offer a cyber criminal, like fitness tracker, can be tampered with thanks to how interconnected our devices are, like our smart phones and tablets.
Tablets designed for children are a growing market for parents who want to get their kids connected in a safe manner. These devices let kids sent texts, take photos, and share information just like their grown-up counterparts. It turns out that these kid-focused products are just as vulnerable to hacking; in fact, even more so.
VTech, a children’s smart device manufacturer, had a breach of the personal information of nearly 5 million parents and 200,000 kids when a hacker accessed the company’s servers last November. Data included names, email addresses, passwords and home addresses of the parents – not so different from most breaches – but alarmingly also the PII (personally identifiable information) of children, including information like birthdays, names and genders. VTech wasn’t even aware of the hack until notified by the press. Turns out the hacker was someone not looking to exploit data but someone who wanted to know how secure the devices really were. An ancient yet effective hack worked, giving the hacker access to data that included photos and chat logs. VTech has since repaired the issue, but the sensitive data was at risk from day one due to security failings baked into the technology.
Children’s tablets aren’t the only toy that may have been under the tree this year that could be hackable. Mattel’s Hello Barbie, a toy that received rounds of criticism when announced last spring, came out this past fall. When the child presses the button, the doll will record audio and transmit it back to their servers to be analyzed and response sent back for Barbie to speak. The toy understandably sparked privacy concerns and since its release, security experts warn that the doll is hackable. Through a hacked Barbie, the unauthorized person could have access to account information and the stored audio files, even take over the microphone, and even more worrisome, could gain access to the household Wi-Fi and even more personal information of the targeted family.
In case you’re thinking maybe it’s time to pack up these gifts and just stick with gift cards, think again. These easy-to-grab cards have always had the potential for fraudulent activities.
The cards themselves can be a way for criminals to turn theft into safe cash. The first step is obtaining the gift cards, which can be done either by buying them on mass with stolen credit cards or credit card numbers or by “returning” stolen merchandise to stores that only offer store credit via store gift cards. These cards are then turned over again, sold via websites or individually. Buying cards directly from retailers isn’t a guarantee, as the cards are susceptible to basic hacks if companies don’t take the time to secure them. Crooks scan or photograph the numbers and wait until the cards are sold to use the now-active numbers before buyers are even aware their gift card is used up.
Our favorite toys are hackable, and gift cards can’t be relied on, but there’s one unopened present still under the tree: all the hacks that have happened that we don’t know about yet. The days between Black Friday and New Years are the biggest shopping days of the retail year. It’s no wonder that when systems are tested to the limit and have the potential for such high returns that retailers are more tempted than ever to let security checks lax. In the months following, we’re likely to hear of some hack flying under the radar, like Target’s infamous holiday breach.
Maybe time spent with family and friends really is the best present. That, and a thorough understanding of how to safeguard ourselves when companies aren’t able to protect our data.