
Avoid gifting weaponised teddy bears & game console hacks: Top IoT threats this season

13 Dec 17

Before putting internet-connected toys, gadgets or gaming consoles under the tree this holiday season, cybersecurity firm ESET is encouraging people to take precautions that limit the risk of cyber attacks.

Cyber attacks on toys, you ask? Weaponised teddy bears? Yes, they are possible. ESET senior research fellow Nick FitzGerald explains:

“This year, Christmas gifts will be connected more than ever before, often requiring always-on connections to servers and our personal information. Whilst IoT devices make great gifts, with recent attacks such as Mirai, which enslaved more than an estimated two million IoT devices, it is important for consumers to understand the real risks involved, and how to protect their privacy and personal data.”

Children’s toys

Toys are becoming high-tech, with features ranging from Bluetooth to app integration with a mobile device. The downside is that you may not know what data those toys collect. If they collect GPS data, attackers could potentially pinpoint the location of children.

This year a number of toys across Europe including the Furby Connect, CloudPets and the i-Que Intelligent Robot had numerous security failures.

At a conference in The Netherlands, an 11-year-old used a Raspberry Pi to hack a smart teddy bear and used it to record a message from the audience.

“Ensure you know what data is being transmitted, whether there are parental controls in place and how services handle the data in secure and privacy-respecting ways. Sadly, there are already several examples of ‘smart toys’ that miserably fail on these criteria,” ESET says.

“Whenever an appliance is described as being ‘smart’, it’s vulnerable,” with the same caution applying to ‘connected’ devices, says F-Secure CEO Mikko Hyppönen.

If you are considering purchasing a ‘smart’ or ‘connected’ toy or device for any of the children on your shopping list, ESET recommends that you use your favourite search engine and run four searches:

· Toy name security vulnerability
· Toy brand name security vulnerability
· Toy brand name privacy breach
· Toy brand name data leak

Reconsider purchasing a ‘smart’ toy known to have had vulnerabilities, or one from a brand – especially if it is a new or little-known one – that has had other items with vulnerabilities, or privacy or data breaches.

Gaming consoles

Most gaming consoles like the Sony PlayStation or Xbox have some kind of connection to the internet these days, especially as gaming developers offer purchases for certain games and online battlefields.

However, they do come with risks. The accounts you use to access content include personal details and stored payment details such as credit card information.

The 2011 Sony PlayStation hack exposed details of 77 million gamers. The leaked information included names, credit card numbers, passwords, security questions and dates of birth.

“Gamers can protect their payment information by purchasing a pre-paid account top-up card from a newsagent or supermarket, instead of using a credit card, or by using a prepaid credit card and maintaining only a small balance on it. Parents should enable parental controls to restrict purchases and actions to protect younger children,” ESET says.

Home assistants

Whether you’re a fan of Amazon’s Alexa or Google’s home assistants, these devices can be cheap and useful, but they can also invade your privacy.

“These devices have always-on microphones that listen for specific catchphrases to activate. There have already been reports of hackers finding ways to take control of these devices, effectively turning them into wiretaps, potentially exposing your most private conversations,” ESET explains.

“Protecting against such attacks is difficult, especially since these devices are designed to be on, and listening, 24/7. Users can manually mute their home assistant when not in use and review the permissions settings on the manufacturer’s website. Avoid using home assistants to access services that may contain sensitive data, such as banking details, and erase old recordings if possible.”

But most of all, stay smart and safe when buying gifts online. Sure, you may be able to skip the queues in store, but online shopping still comes with risks.

“When you are ordering gifts online, check to see if ‘https’ is included in front of the web address or that a padlock symbol is displayed by the site’s address in the browser to ensure your details are encrypted during checkout,” ESET says.

“Also, consider using a credit card instead of a debit card as you may find it easier to get your money back from a credit card if you are scammed with bogus charges.”

“Finally, for any card that has a PIN associated with it, you may want to change your PIN if you have been using the same one for a long time.”
