The holiday season is coming to a close, with meals shared and gifts opened. You may have even received a new gizmo or doodad that you’re looking forward to trying out. Not to burst your bubble, but there is unfortunately a chance that the gizmo you had hoped to get (or purchased for a loved one) may lead to a security breach.

Smart Home Hubs and Assistants
These devices were touted as useful gadgets to have around the house as a mix between a media center and reference source. The trouble with devices like these is that they are always listening for you to speak, with microphones that automatically activate. Think about everything you say in the privacy of your own home. A cybercriminal could listen in, taking that privacy away and quite possibly learning some invaluable information.

To make this situation worse, many “smart home” devices also have cameras, invading your privacy in yet another way.

Admittedly, the thought of controlling one’s house by telling it what to do is, for lack of a better term, pretty cool. However, the questionable security that many of these devices suffer from gives cybercriminals the unique opportunity to spy on you, whether you use the assistant at home or in the office. This is also important to keep in mind if a young person you know recently received one of these devices.

Smart and Connected Toys
While many connected devices are clearly meant for an older demographic, there is an equal amount that are intended for children. For example, many toys are now capable of functioning in a way quite similar to a smart home hub, and others have features that are outright creepy. For example, if a child has a Toymail Talkie, a cybercriminal could use it to communicate directly to that child. Other connected toys offer cybercriminals with intimate details about the schedule of a child. For instance, the connected bath toy, Edwin the Duck, can be used to tell a hacker the general time that a child is in the bath and when they are put down for the night.

Connected and Smart Appliances
Grown-ups have to have their toys, too. Appliances and accessories with “smart” capabilities are becoming increasingly common, but unfortunately lack the security required to protect them from cyberattack and intrusion. Assorted wearable tech, like fitness trackers, and Internet of Things devices, or any of those devices that aren’t a computer or laptop but still utilize the Internet, are becoming more and more popular. Unfortunately, because their security is sub-par, these devices can easily be leveraged as a part of a botnet, or can also be used to extract data from their surroundings.

DNA Tests
It would seem that there was a sizable push to frame these ancestry testing kits as the perfect holiday gift this year, despite there being host to numerous privacy issues. Consider what you have to provide to the company. By handing over a vial of your spit, you’re giving them the most unique piece of personally identifiable information you possess: your genetic code, also known as your DNA.

This information quickly becomes very valuable once the topic of research is brought up.

When using one of these services, there are plenty of agreements to sign. These agreements will often give the company the leeway to use your genetic data as they please, including selling a digitized version to whomever is willing to pay.

Despite the Genetic Information Nondiscrimination Act of 2008 forbidding the use of genetic information to justify discriminatory acts, like firing someone because they have a predisposition to a medical condition, it isn’t easy to prove this kind of discrimination. After all, an employer could easily find some other reason to terminate someone’s employment–the fact that they were predisposed to a medical condition that would keep them out of work would just be a “coincidence.”

While we hope that your holidays were as bright and cheerful as they should be, we don’t want an unexpected data breach to spoil those memories. For more products that could put your security at risk, check out Mozilla’s handy guide.

Did you have any of these items on your wishlist? Is it worth keeping them around despite the risk to your data security? Leave your thoughts on the matter in the comments section!

December 29, 2017
Directive