What (not) to Buy for the Holidays — 2016's Most Hackable Gifts

Let’s level for a moment, shall we?
Sure, we love the holidays (whatever holiday it is that you may be celebrating at this time of year). We savor cozy memories of cocoa and fireplaces, we revel in the warm and fuzzy emotions that come with spending time with friends, and we almost enjoy the biting cold nipping at our noses.
But what we really like the most are the presents.
Seriously, aren’t the presents what it’s all about nowadays? According to research from PriceWaterhouse Cooper, the 2016 shopping season is set to be the biggest shopping season in over 10 years, with a predicted 57% upswing in spending from last year’s holiday season. And, as has been the trend for the last few years, tech gifts lead the way. Along with all the regular tech swag, like the latest Xbox Console or a iPhone 7, this season you can bestow upon your loved ones a mini self-aware robot, smart lightbulbs and a host of other funky digital goodies. So banish the idea of buying him & her matching chunky sweaters for your clan — what they all really want are matching emoji chargers that come in choices as varied as My Little Pony, eggplants and even smiley faces.  Or how ’bout a new drone that the whole family can enjoy? (Just for the *low* price of $1400. Noone ever said cool tech comes cheap).
But as they say, every party has a pooper, and will quite frankly, that’s why we invited digital security. Our collective affinity for shiny new tech and the merry holiday atmosphere create the perfect tempest for determined creeps looking to milk any one of the many ways that people let their judgement slide at this time of year. The fact is that some of the most-commonly purchased gifts of this season rank right up there as some of the most hackable items around. Culled from this year’s stats of what’s been snatched up thus far in the holiday madness, here is a look at how some popular gift items may compromise your security:
Smartphones: Unsurprisingly, mobile devices are the first stop on holiday wish lists this year. It doesn’t take a rocket scientist to understand that these little guys bring with them the potential for big security risks, but people use them in less-than-smart ways all the time. From jail breaking iPhones, to downloading apps from third party stores, to opening up shady links in texts, to failing to read app TOS, smartphones present a myriad of possibilities when it comes to harming your security.
IoT gadgets: Here is an axiom that we promise will soon be famous — “The more we connect, the more hackable we become.” Think that your coffee pot can’t be turned against you? Or that your Fitbit can’t be compromised? Sadly, internet-ready devices can be manipulated all too easily. This past autumn’s hack to internet DNS provider Dyn, which took down half ot the eastern seaboards internet, was caused by a digital army of infected IoT cameras and DVRs.
Laptops and PC’s: A perennial favorite gift choice, laptops and PCs still continue to display strong sales in an increasingly mobile world. And as always, they continue to be plagued by malware and other vulnerabilities. Don’t assume that you’re safe by staying away from the Windows OS this year either. 2016 brought us more instances of malware targeting Macs than ever before.
WiFi-connected light bulbs and thermostats: Sure everything looks prettier bedecked in lights, but did you know that hackers can take control of WiFi connected lights from up to 400 yards away? Not only that, according to researchers, theoretically, if everyone were to jump on the connected-light bulb bandwagon, hackers could cause mass blackouts across major cities. And by accessing your connected thermostat, hackers can play with your settings, causing massive temperature drops and rises, whenever and however they want.
Hatchimals: This year’s “I HAVE TO HAVE THIS NOW!” gift for the 10-and-under set may not be hackable (at least for the moment, until someone figures out how to do it) but their “need-it-now” status means that the internet is replete with scams aimed at desperate parents willing to pay anything to get their hands on the odd creatures.  First off, there are all the websites selling cheap knock-offs packaged as the real thing. Then there are the social media-based Hatchimal scams that center around bogus “giveaways” and contests. Some email scams circulating are offering the fuzzy egg-encrusted bird/koalas at crazy discounts — but clicking the links leads to ransomware. And in case you thought that perhaps by paying up the unlock fee, you’d get a Hatchimal thrown in for free, think again — for that to happen you’ll have to wait until the madness dies down, which by our estimates will happen on about Jan 1st or so. Til then, be prepared to pay top dollar.
The intent here isn’t to convince you that you should be buying socks and sweaters for your people this year (we mean, you could try, but you might be the unhappy recipient of a scowl or two). Rather, it’s to make you aware of the dangers that you can and should protect yourself from. So this holiday season resolve to:

  • Read terms of service on all new devices and apps;
  • Consider setting up a separate WiFi network for all internet-ready devices and change all default passwords for each device;
  • Make sure to install a strong anti-malware solution like RCS;
  • Stay away from shady links in emails, on websites and in texts;
  • Never, never download anything from third party app stores.

Stick to these rules on your new devices and you’ll have a happy and secure (though perhaps broke) holiday season.