A hackable baby monitor, a water bottle that gives away your location and a cooker that can potentially be controlled via WiFi by anyone – these are just some of the vulnerable products uncovered by a team of cyber security researchers – and they’ll all be on sale in the UK this Black Friday.
The experts, from cyber security consultancy Online Spy Shop, rated devices for encryption and data privacy to determine individual vulnerability. Among those that fared particularly badly were a ‘smart bulb’ that can potentially tell cyber criminals when you’re asleep and a drone for which one hacker has already published a step-by-step takeover tutorial. They’ve listed the devices in full here.
Of the ten vulnerable devices identified, four were aimed at children, three were marketed as ‘smart home’ devices and two even allowed hackers to remotely track the movements of strangers.
Alarmingly, nine of the ten popular product were found not to be properly encrypted. One retailer even warned in its description that the Tile Mate tracking device “can’t be disabled if it falls into the wrong hands”.
Steve Roberts, founder of Online Spy Shop, has this advice for Black Friday shoppers looking for a bargain gadget.
“Manufacturers are always looking for ways to make simple products more interesting and making a product ‘smart’ is a quick way to do this. But ‘smart’ can also mean ‘insecure’. When it comes to smart and connected devices, encryption is the key to security. It enables data to be shared securely and only with those who have the correct encryption key. But it’s not the only thing to consider. Password strength requirements and software updates are important too.
Five ways to spot a vulnerable device
No encryption: it’s sometimes difficult to know whether a device is encrypted without digging through the product specifications. So this is where brand trust and reviews can be handy. If you don’t have time to inspect the specifications, look at some reviews.
No requirement to update a default password: Some devices require a password, but don’t prompt users to update the default password, which may be as easy-to-crack as ‘0000’ or ‘1234’
Parental controls: These are especially important for toys and gadgets to be used by kids.
Security updates: Even the most robust devices can be exposed, so manufacturers should be regularly issuing security updates. If the device doesn’t allow this, it could be vulnerable.