With the shopping season approaching, it’s likely that internet-connected gadgets and toys will be a popular item on many Canadians’ wish lists, as more than 92% of Canadians use IoT (Internet of Things) devices in their households. However, cybersecurity experts warn: Internet of Things devices can quickly go from fun to creepy, depending on how hackable they are.
“Enormous Black Friday discounts can rush customers into buying some very questionable gadgets. However, Internet of Things devices are widely known among experts for low security measures they usually have installed. There is a joke going around: ‘The S in IoT stands for security’. So, it’s best to think before bringing any new IoT device to your household, as it can easily compromise the whole network,” says digital security expert at NordVPN Daniel Markuson.
Globally, 1.5 billion attacks have occurred against IoT devices in the first six months of 2021. The most recent attack in Canada happened, when Canadian IoT manufacturer Sierra Wireless was hit by a ransomware attack which caused its production to halt completely for a week.
Which IoT devices are too dangerous to buy?
There are two main aspects that can determine the level of vulnerability of certain devices. First, innovation. If a product is new and doesn’t have a lot of competition on the market, it is usually less tested before the release and is thus more dangerous for a user.
“IoT device makers are in a rush to sell the new gadgets as quickly as possible. This means that they are shipping them out with the minimum features required for them to function, shortening the development process and cutting costs as much as possible. So, if we take the innovation aspect into consideration, the most dangerous devices are those that are too new to be widely used and thus tested,” Daniel Markuson from NordVPN concludes.
Another aspect is the cybercrime economy. Criminals usually target those devices that bring them the biggest value. Because of that, the most vulnerable devices are those that store the most sensitive information, which can later on be used to manipulate users into paying ransoms.
For example, if criminals take over a user’s baby monitor, they can observe the child and everything that is happening in his or her room and convince a parent that they have much more valuable information than just those recordings. A similar attack happened in January of 2019, when a mother from Western Australia noticed a major security breach of her device as she saw a stranger’s bedroom on the screen of her baby monitor.
“This aspect makes smart cameras (owned by 20.3% of Canadians), speakers (33.4%), and TVs (60.9%) the riskiest, as they store the most sensitive information about their users,” Daniel Markuson explains. “I would also pay special attention to the Wi-Fi router I buy. It doesn’t store a lot of personal information but creates a network that connects all the devices in the user’s household. So, once a criminal hacks your Wi-Fi router, they can get access to all of your IoT devices.”
What to consider before spending your money on a new device
“IoT devices are useful, fun, and really do make our lives easier. So, when you decide to save a coin while purchasing them during the Black Friday sales, do so with consideration to your future privacy and safety,” says Daniel Markuson and provides some tips.
- Look into the privacy issues associated with the devices you purchase. Look up tech sites that dig into privacy and security issues or buy devices certified by organizations like ioXt.
- Avoid buying devices that are too new to be properly tested. You might miss out on an innovation, but you will also miss out on the risks associated with a possibly rushed product.
- Think if you really need the device. Research shows that people who have more devices are also more vulnerable to hackers’ attacks.
- Take proper care of your device once you purchase it. As soon as you set up a new device, change its default login and password and turn off the features you won’t use. Also, don’t forget to update your device regularly and install a VPN if possible.