Don’t Let Cyber Grinches Spoil Your Holidays

Heading into the end-of-year holiday celebrations, consumers are also going shopping. But as they trek to the malls or go online, shoppers need to consider the security implications of the vast array of cool, connected devices now on the market.

Here’s what you need to know, courtesy of the experts here at NortonLifeLock.

1. Security Surveillance Systems/Smart Thermostat/Smart Doorbells

After a hacker accessed a security camera and harassed an 8-year-old, the chilling recording of the encounter sends a clear warning to shoppers this holiday season: This could happen to you.

Smart-home devices can potentially be hacked or modified to lock you out. General device privacy and security concerns apply here to protect users from the misuse of their data.

Always purchase from reputable manufacturers. And make sure to change the default passwords that these devices come with and don’t forget to use security software to help prevent malware from infecting devices on your home network. 

2. Wearables  

Smart watches and activity trackers are soaring in popularity with nearly 85 million people around the world last quarter discovering the convenience of having the power of the internet within reach.

But these accessories don't stand alone. Rather, they serve as extensions of your smartphones and collect very personal information about you. So, carefully read the privacy policies regarding the information you intend to share, including reviewing your geographical location settings.

Increasingly, smart watches are gaining access to certain functions in smart homes, such as the ability to remotely unlock your front door. That sounds great until your device gets lost or stolen. (If it does, review all your passwords to make sure they’re protected with two-factor authentication.)

Even though some accessories include security settings that ought to help protect you in case of loss or theft, be sure to understand the tradeoffs of convenience.

3. Smart Televisions

Any internet-connected, voice-enabled TV has the capability to track what you are searching and watching. What’s more concerning is attackers can hack into smart TV webcams for spying or capitalize on software vulnerabilities to insert malware that can move through all your connected devices.

Also, when shopping for a unit, don’t forget to ask whether it has a camera. Also, does it come with a physical cover or is there one you can add?

It’s worth researching whether the brand has a good or bad reputation when it comes to privacy and data collection.(The Better Business Bureau offers some online resources to guide you.)

And once you bring it home, think about whether you want to be tracked for advertising purposes. Most smart TVs do come with an option for you to turn off such tracking, but it may not be the default setting. So, check the fine print before turning on or turning off features on your smart TV.

A general rule with Smart TV software (and any computing device): Always keep the software up to date or turn on automatic updates if there’s such an option.

4. Home Cleaning Robots

Another great convenience of the last few years, robot vacuum cleaners have become a must-have appliance for many. Independent research finds that the devices enjoy off-the-chart loyalty with 89% of people who own robot cleaners saying they would recommend them to friends and family.

But don’t ignore the privacy implications. Many robot cleaners have cameras to map the house floor layout and optimize operation. This poses potential areas of concern if the robot is connected to the internet. Ensure the manufacturer is protecting the mapped layout data and that it is not shared. Also ensure the cameras are not capturing additional data from within the home.

Another point to consider is that unlike most other devices you may own around the house, this is a machine that physically moves inside your home. As such, a compromised vacuum potentially can enable other types of creepy activity.

So again, ask whether you trust the manufacturer and whether the company not only can build a vacuum, but also safeguard your data. If the answer to that question is yes, also inquire how they go about doing it. Don’t take “why, of course we protect you” as the final answer. Do your research and focus on reputable manufacturers. 

5. Smart Speakers

Who doesn’t love the convenience of smart speakers? NPR and Edison Research estimates that there are now about 120 million smart speakers in U.S. homes, representing 78 percent year-over-year growth.

But did you also know that most of these devices have “always on” speech listening and recognition features so that they can identify the “wake word” — even while they are standing by?

It’s no longer exceptional to read about people complaining that their private conversations somehow triggered the device’s wake word to start eavesdropping. So, before buying a smart speaker for your home, ask whether you’re comfortable with this?

Many of us may see this as a small price to pay for the convenience being offered. But always-on listening means that such devices can not only listen to what you say (and potentially use it — for advertising, for instance), but they can also capture ambient noise that reveals a lot of other things about you.

Word to the wise: Don't share information you don't want your voice assistant to share, such as your passwords or credit card information. And consider turning off the device when it's not in use. You don’t want outsiders listening into private interactions around the kitchen or in the bedroom. If a device is not plugged in, it's unable to listen in — at least for now.

6. Smart Cars

The electronic/computing system of a car controls most of its operation and is far more vulnerable than, say, a gas-guzzling station wagon from yesteryear. Increasingly, our cars are turning into the equivalent of iPads on four wheels as vehicles incorporate more and more electronic gadgetry each year to add customer convenience.

But as with any technology device, it’s wise to take precautions that mitigate security risks. For instance, in this case the USB ports in certain newer cars might be manipulated to read files on your cell phone or install malware on the device. This is the latest practice known as Juice Jacking, where malware gets installed onto a device or information and can be stolen via the USB charging port.

Also, hackers may be able to launch attacks against audio systems in a bid to control the vehicle remotely. Similar vulnerabilities have also been found with key fobs and certain apps that get used to communicate with the cars. So, it’s on you to take basic precautions.

Be extremely careful with car port dongles that are plugged into the car control port. And just as with any other computing devices, it is vital to apply software updates in a timely manner and fix any potentially relevant recalls. Don’t make an attacker’s job any easier for them.

7. Smart Toys

Every year more devices become part of the Internet of Things, and that includes children’s toys. But now that digital toys and devices come with built-in cameras and GPS trackers, you need to consider the benefits with the potential security risks. Some toys may interact with smart speakers, which introduces a new category of threats.

Like other connected digital devices, they are potentially vulnerable to hacks and any data they collect may not be private — or secure. The threat is not theoretical. We’ve already seen instances in which companies neglected to protect their online storage system and hundreds of thousands of records, including childrens’ names, ages and voice recordings, got exposed.

That puts the onus on parents to use complicated passwords for every connected toy they buy for their kids. Also, never let your children access the internet from an unsecure Bluetooth or Wi-Fi connection.

8. Heredity and Genetics Testing Kits

Heritage testing kits are all the rage nowadays as people search for more information about the makeup of their family trees. But buyer beware: That’s also a lot of valuable personal data to entrust with any one company, and, unfortunately, things don’t always go as planned. For example, a security breach at MyHeritage last year exposed the data of over 92 million customers.

Also, it's possible that sometime in the future a company's situation or its privacy policy changes. What do you do then to help secure your data? If law enforcement authorities armed with subpoenas come knocking at their front door, those companies may be obligated to turn over the requested DNA data.

All this serves as a reminder that different organizations with which you do business store your information in many different places that are beyond your control. As always, you should be mindful of security.  Use unique passwords on each of your accounts — and make sure they're strong (Norton Password Manager is a big help here.) Also, don’t use passwords that are on the dark web (as surfaced by our product.)

9. Wireless Headphones

Many wireless headphones now come with integrated voice assistants and thus involve all the security issues with which we’re familiar. Just one difference: the device is always with you.

Also, if you connect over Bluetooth, there’s always the risk it may not be secure, especially outdated versions of the protocol which likely have unpatched security holes. One easy precaution: Just turn off Bluetooth when you're not using it or if you're near anyone who you don't trust.

10. Smart Exercise and Health Gear 

There are a myriad of health devices that track GPS locations and monitor your vital signs — all in pursuit of helping you get more fit. Intelligent yoga mats, Bluetooth-equipped running shoes, wireless blood pressure monitors, tech savvy jump ropes — the list goes on.

At the same time, though, the devices also gather a ton of sensitive, personal data about you. They can capture your heart rate, oxygen saturation (SPO2), even perform an ECG. One such app was found to be capable of searching a user's regular routes, information that could be used to find out where they lived or worked, or even to track them in the real world.

Word to the wise: You don't need to share all your information with public leaderboards to showcase your physical achievements. (Maybe just your trusted friends.)

So, go into your settings and keep as much of your personal information as private as possible. Unfortunately, even that won't necessarily keep your data private. Depending on the fitness app in question, they may or may not have a privacy policy and may reserve the right to share your data as long as it’s aggregated.

11. Gifting to Charities

This is the time of the year when many people like to make charitable contributions. Not to put a damper on the holiday mood, but don’t forget to pre-screen your charity of choice and examine their privacy policy. Otherwise, you run the risk of being flooded with mails and phone calls throughout the following year from people representing organizations you've never contacted.

The truth is that many charities share with third parties the emails and other information belonging to donors.

To minimize that potential annoyance, do your homework with the help of charity watchdog organizations such as Charity Navigator and BBB Wise Giving Alliance. These organizations allow you to read about a charity's profile as well as their donor privacy policies.

If you prefer to go directly to the charity’s website, be sure to read the fine print concerning whether the organization sells donor contact information. They ought to include an “opt out” choice for people who don’t want their personal information disclosed.

12. Tools to stay Cyber Safe

We live in a complex digital world.  Our Norton 360 plans with LifeLock Select help secure your devices, identities, online privacy, and home and family needs.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cyber crime, and that LifeLock does not monitor all transactions at all businesses.