Did you give or receive a toy or new parental control or security app for the holidays?
While well intentioned, you may have inadvertently created a security breach for the recipient or opened your family up to unwanted surveillance.
The Internet of security breaches
The Internet of Things (IoT) is not just for your smart doorbell or connected refrigerator. Your child’s toys also connect to the Internet.
A poorly secured toy can give an attacker a way into your network and a position from which to target other devices on it. Devices such as smart TVs, smart doorbells, personal digital assistants, speakers, phones, laptops, and tablets can all be put at risk.
They can also be used to target others as part of a botnet. We frequently read about DDoS attacks, but how do they happen? Infected internet-connected devices – potentially including that new baby camera you received for Christmas or your child’s new smart doll – are used to launch the attack.
Read on for tips to stay protected.
Preventing privacy perils
It’s not only cyber security threats that you need to watch out for. It’s also privacy violations. Your personal data is big business.
Privacy issues range from targeted ads and the sale of personal data to data brokers to location tracking, or even the physical threat of someone stalking you with a Bluetooth tagger. According to Jen Caltrider, lead author of the Mozilla Foundation’s Privacy Not Included guide, “It’s just inevitable that data’s going to leak. … Anything that’s next to the internet is just not safe.”
The good news is that abusive companies are starting to feel the heat. In the United States, the FTC recently announced a settlement with one ad platform that enables targeted advertising on websites and apps, including from kids under 13, violating the Children’s Online Privacy Protection Rule.
What can you do to keep your family safe?
What should parents do?
Before allowing your children to play with their gifts and before parents purchase new apps to try to keep their family safe, what should parents do to protect their children’s security and privacy? Here are some tips to stay secure.
- Change default passwords
One of the most common attack vectors is simply logging into a connected device with its default credentials, such as “admin/admin”. This is not a new threat – Identification and Authentication Failures remain in the OWASP Top 10. The UK government even introduced new legislation in Parliament to ban default passwords and require unique passwords for internet-connected devices.
Leaving the default password is like locking your door but putting the key under the welcome mat. You think you’re secure, but anyone with bad intent can easily get inside.
- Perform security updates
Your smart toy may have been shipped out several months ago, but new vulnerabilities are found almost daily. As soon as you open the box, ensure that your device is patched and has the latest security updates.
- Use a separate “Guest” Wi-Fi network
Create a separate Wi-Fi network and only connect your IoT devices to this network. This will help reduce the impact if you are hacked. And, of course, make sure to use a strong password both for your guest network and your main home network.
- Monitor application permissions
Many mobile apps track your location and have access to your camera – even if they don’t really need to use it. But only if you allow them. Don’t just blindly click “Accept.” Instead, take a zero-trust approach and grant each app only the minimum permissions it needs to run.
- Turn off Wi-Fi and Bluetooth when not in use
Don’t leave any more open doors than needed. When you do not need the functionality, simply keep others from accessing your IoT toys by disabling Wi-Fi and Bluetooth.
- Ensure “off-net” protection with endpoint security
Have device, will travel. It’s not enough to protect your home network. The entire point of mobile devices is, well, to be mobile. Make sure your devices have endpoint security installed.
- Only trust solutions for privacy and filtering from your local Communication Service Provider (CSP)
As noted above, many apps that are designed to protect children and ensure safety have significant privacy and security vulnerabilities. Ultimately, even when downloading apps from official app stores, you don’t really know who is behind them and who is using your data. Nor is an official app store a guarantee of safety, as over 500,000 Android users recently discovered when they were infected by malware after downloading an app from the Google Play store. Instead, rely on your trusted partners – the Communication Service Providers to which you already subscribe. They are the ones controlling your traffic and are already your trusted partners.
CSPs can offer 360-degree unified security with Allot Secure. Allot NetworkSecure filters traffic, checking for malware, phishing attempts, and spyware, and keeps your devices from being hijacked and used as part of a botnet. It also gives parents peace of mind by filtering out inappropriate content and controlling access across all of the devices on the network. Allot HomeSecure guarantees a simple, reliable, and secure network for the connected home.
Over 20 million subscribers are already protected with Allot Secure Security-as-a-Service solutions.
*** This is a Security Bloggers Network syndicated blog from Allot's Network Security & IoT Blog for CSPs & Enterprises authored by Avi Hein. Read the original post at: https://www.allot.com/blog/tips-to-avoid-cyber-threats-toys-gifts/