#12. Smart Light Bulbs
Remote controlled lighting, setting the brightness according to your mood, and better energy efficiency – there are several pros of smart light bulbs. But they have a big con – security loopholes.
Just last year, shoppers spent about $8 billion on these smart bulbs, and the numbers will expectedly grow. They were a popular choice during the last holiday season, but are they also the right choice?
A hacker used the LIFX Mini White light bulb to show how easy it is to hack a smart bulb to gain more insights about the owner. The bulb’s memory stored the Wi-Fi credentials in plaintext, thus granting easy access to the homeowner’s Wi-Fi network. The bulb had absolutely no security measures whatsoever, which isn’t a great idea for an internet-enabled device.
Another study showed that many different types of smart bulbs could easily be hacked.
Verdict: Maybe you should stick with dumb light bulbs instead.
#11. Facebook Portal
Can you trust anything made by Facebook? Brand issues aside, there are genuine security issues related to Facebook Portal.
The main selling point for this device is video calls. You can call others using Whatsapp and Facebook Messenger. Also, it is Alexa-powered, soit can collect user data.
The most alarming part of Facebook Portal is the camera that follows you around the room as you walk. You can almost forget when you’re not on a video call, as Portal then acts as a digital photo frame.
Given the reputation of Facebook, Portal will likely collect a lot of data on you. And the company is known for its willingness to share it with third parties.
Verdict: You’re probably better off sticking to tablets for your video-call needs.
#10. Amazon Echo Show
If you’re an Alexa owner, you must have noticed some weird behaviors. It might start speaking without being prompted. It might burst out laughing like a creep. But that’s not the only worrisome thing about Amazon Echo Show.
The new thing that Echo Show comes with is called “Drop-In”. It’s a feature that comes with the video-call functionality.
You know how video calling works. You add your contacts, and when they video-call you, you get the option to either accept or reject the call. But not with Drop-In.
With Drop-In, you always accept.
When you connect to a contact using Drop-In, it will always connect. You will be immediately able to hear whatever is going on in someone’s home. It’s marginally better on the video front: the screen looks like frosted glass before clearing out after a few seconds.
Sure, you have to give out a series of permissions before contact is allowed to Drop-In. You’ll probably choose your parents. It’s cool that they can drop in whenever and watch their grandkids play.
But what if they drop in and see you walking around in your underwear, looking for something in the fridge? Or worse, what if someone can hack into the account and watch you whenever they want?
Verdict: Drop-In: not the greatest feature for a world where terrorists have been hacking military drone feeds for a decade now.
#9. Google Home Mini
Google Home Mini is similar to Echo Dot, but also cute and adorable. Just beware – underneath its sheep’s clothing hides a wolf that hungers for your data.
Artem Russakovskii from Android Police was reviewing Google Home Mini, and everything seemed to be okay. Until the moment he noticed that Home Mini was recording conversations and sending them to Google.
The author discovered that the Google device woke up several times a day and recorded the happenings around it. It then sent these recordings to Google and did this very quietly. The only giveaway was the four lights device that flashed on and off for seemingly no apparent reason.
This happened back in 2017, and Google promised to fix the issue now. Whether to trust Google is up to you.
Verdict: If you want to keep your conversations to yourself, skip Google Home Mini.
#8. Smart Watches
Kaspersky Labs’ research on smartwatches shows that a hacker can use an Android smartwatch to find out if the wearer is resting or jogging. As the accelerometer patterns change, they can be used to determine if a person is walking or changing trains.
A hacker can also find out if the wearer is typing on their computer. It’s more challenging to find out what they’re typing since different people have different ways of typing – ten-finger method, one digit keyboard stab, or anything in between. However, if this data is sent to a neural network, a seasoned hacker may be able to find out your passwords simply because they gained access to your smartwatch.
The good thing is that it would take a LOT of time and effort. Today, they can only guess the computer password with an accuracy of 96% and an ATM PIN with an accuracy of 87%. t’s doubtful that a hacker will dedicate all that time and energy on such a finely targeted attack.
Stealing passwords using a smartwatch might not be the #1 concern. However, hackers can gather other personal details, such as your location. If you’re living alone and a hacker knows you’re out on a stroll when there’s nobody back home, they can take advantage of the situation.
Verdict: Who watches the smart watches? Probably hackers.
#7. Google Nest Cam
If you think Amazon Ring cameras were bad, Google Nest cam systems aren’t far ahead. A Wisconsin couple reported that a hacker took control of the system and cranked up the heat in their home. That’s not all – the hacker spoke to them through the Google Nest cam.
In 2018, another hacker used the Google Nest Cam to scare a couple by saying that he was in their baby’s room and was going to kidnap the baby. The Nest camera in the parents’ room activated and the hacker told them to turn the lights back off.
In August 2019, researchers discovered that there were at least eight different ways to hack a Nest security camera.
While Google promised a firmware update, it’s still disheartening to see such a big company launch a faulty camera system that can easily be hacked to spy on people’s lives.
The security vulnerabilities allow a hacker to use a brute force attack to add their Nest account on a victim’s camera. As Google Nest comes with many features – such as Google Assistant and facial recognition – it can give more power to the hackers when compromised. Or they can just get a copy of the information that’s on the victim’s camera.
Verdict: It’s really not the safest purchase of Black Friday 2019!
#6. Ring Video Doorbell
Amazon Ring is a smart device that lets you control who enters your home. Just attach it to your door and connect it to your phone. When a visitor arrives, you can see them through your phone and decide if you want to let them in.
It has been a popular device, but a few months ago, researchers found that it had a software security flaw that let hackers steal the Wi-Fi username and password of the network it was connected to.
Privacy advocates have also raised concerns over the partnership between Amazon and the US police department. It allows law enforcement agencies to access the Ring camera’s footage without generating a warrant.
There are also some security flaws in the Ring video doorbell that can allow a hacker to spy on the homeowners and see who leaves home and when. This can quickly turn from a hacker trying to listen in on your private conversations into a real and actual threat to the safety of your family.
Verdict: Amazon somehow managed to make doorbells dangerous.
Fitbit, the perfect device to motivate you to exercise. It tracks the number of steps you take along with some other details such as your weight, heart rate, location, sleep stages, and more. What can go wrong with it?
It’s the fact that it has recently been bought by Google, a company whose business model is all about selling user information, that should make you worry. It’s even scarier that a few weeks ago, Google purchased the health records of millions of Americans.
And the records have not even been stripped of their personally-identifiable information. According to the whistleblower who provided details of this deal, Google did that to sell health data to third parties or to create patient profiles so that the right healthcare products could be advertised to them.
With that in mind, Google acquiring Fitbit makes it feel like it isn’t a safe product anymore. It’s all fun and games when a girl catches her boyfriend cheating on her, thanks to the movement shown on his Fitbit app, but it’s a whole other thing when Google grabs hold of your health data.
Verdict: Christmas gift level: consider returning it.
#4. Smart toys
With everything being internet-connected, toymakers have come up with smart toys that listen to children’s conversations. Smart toys are often advertised as educational tools that can keep the child busy without having them looking into a screen for hours. Some toys are shown to quiz kids on animals and colors.
What can be a better gift for your child or grandchild than a toy that’s also their best friend, right? Maybe something that can’t be hacked. In a bid to keep their prices low, manufacturers compromise on security. Thus, these smart toys can easily be compromised.
These toys can listen to everything that’s going around them and send this data to the manufacturer. They can also be easily hacked and monitor your home without your knowledge.
In 2017, a German watchdog asked parents to destroy the My Friend Cayla doll because it contained “an illegal espionage apparatus.” It’s easy to see that smart toys are definitely not the smartest Christmas gift to keep.
Verdict: you have to be really smart to buy the right smart toy.
#3. Coffee Makers
I mean, come on! Can my coffee maker betray me as well? It’s a simple device! How can brewing a cuppa joe put your morning conversations online?
Well, in June 2019, Avast hacked a coffee maker to show how a simple device can also be vulnerable to hacker attacks. With this experiment, Avast was not only able to listen to conversations but also to turn it into a ransomware tool.
The coffee maker they hacked was one that could be operated with a mobile app. Other than that, it was pretty regular – push a few buttons, and it made coffee.
McAfee conducted a similar experiment. They tried to hack a Mr. Coffee coffee maker enabled with WeMo. Sam Quinn from McAfee exploited a vulnerability that let him connect the coffee maker to the computer as it downloaded and ran a shell script.
Verdict: your cup of Joe is now a cup with Joe Hackerman.
#2. Ring security camera
Amazon Ring indoor cameras and security cameras have become very popular lately. However, there have also been several reported cases when hackers entered the system and not just monitored the cameras but also spoke to the people through the speaker system.
In a recent case, a man hacked the Ring security camera inside a little girl’s room and shouted racial slurs at her. He also told her that he’s Santa Claus and that she can break her TV if she wants to. Creepy indeed – but it doesn’t stop there.
Another hacker used the Ring surveillance camera to speak to a young girl when her father wasn’t in the room. It turns out that the hacker was stalking the father and daughter while they were watching a movie in their living room.
In other news, a Ring outdoor security camera was hacked. The hacker taunted the owner and a police officer and told he had seen the homeowners perform sexual acts.
Why is it so easy to break into Ring camera systems? It’s because a large number of Ring user accounts were found on sale on a criminal forum – for just $6 each.
Verdict: Ring: a gift that keeps on giving – but not to you.
#1. We-Vibe vibrator
If you were planning to gift your partner or spouse something kinky, make sure it’s not the We-Vibe vibrator. This piece of teledildonics can be controlled via the We-Connect app to change the intensity and vibrations.
The problem is, the data that was collected by We-Vibe was sent back to the company Standard Innovation. This data can reveal the sexual orientation of the user along with the partner with whom they use the toy.
Any device that’s controlled by an app runs the risk of being hacked. It becomes even more severe in the case of a sex toy. If a user enjoys the toy thinking it is being controlled by their significant other and it turns out to be controlled by someone else, it can be a harrowing experience.
And then there’s another risk – since the device is very close to the human body, a hacker controlling it can potentially physically harm the user.
Verdict: We-Vibe gives off bad vibes.
What is the smart thing to buy?
It’s so tricky – nearly all smart toys and devices come with some security vulnerabilities. This brings us to the question – do we really need smart devices?
There are so many products that are connected to the internet when they don’t need to be. For example, why would you want an internet-enabled coffee maker? Sure, it looks fancier. You can ask it to brew a cup when you’re in your bed. But that also raises security issues.
Before you buy a smart device, you need to make a risk versus reward comparison. Are the rewards worth the risk? When something is connected to the internet, it can be hacked, and hackers can use the information in any way possible.
Sure, a smart fridge sounds cool. But do you really need to look inside your refrigerator from across the city remotely? Sometimes, it just makes more sense to use dumb things instead of smart ones.
What if You’ve Already Bought Smart Devices?
If you received smart devices as gifts or just own them yourself, here are some steps you can follow to stay secure.
Turn off Wi-Fi when you’re not there
When your Wi-Fi is on 24/7, it gives a lot of time to hackers to gain unauthorized access to your network. So when you’re not using it, you should turn off your router.
For example, it’s a good idea to turn the Wi-Fi off when you’re sleeping or leaving your home. It will not only keep you safe but also save money on utility bills.
Delete personal data
Home assistants like Google Home and Amazon Echo store voice data. Make sure to delete this data at regular intervals so that it doesn’t get stolen if a hacker gains access to the device.
Also, turn off the device when you’re not using it, so it doesn’t keep listening to your conversations.
Update the software
When the device manufacturer launches an update, make sure you download and install it. Updates generally contain bug fixes and patches, so updating your device will make it more secure.
Use a VPN and firewall
Since you cannot install apps on all smart devices the way you can on phones and computers, make sure you install a VPN and on your Wi-Fi router. A VPN router can thus secure every device that connects to it – both the smart gadgets and computers.
Turn off geo-location
Some apps can track your geo-location when you’re using the app. Other apps can keep track of your location even when the app is not active. Make sure you don’t give extra permissions to any app.
When you don’t need it, turn off the geo-location feature of your apps. You can do that by visiting the device settings.
Disable camera and mic when not in use
If you’ve got a smart device for video calling, make sure you disable the camera and mic when you’re not using it. Even if a hacker gains access to your device, they won’t be able to spy on you.
Turns out, many of your cutting edge gadgets pose security risks. But forewarned is forearmed. You now know about the potential privacy issues in your own home. It’s now up to you to take steps to fix them. Stay safe and stay private!
Use smart devices safely with a VPN
Only $1.99/mo. 30-day money-back guarantee with every planGet Surfshark