Skip to content

Beware... Santa could bring home cybersecurity risks

christmas-smart-speaker - Getty Images
Christmas smart speaker. (via Getty Images)

High-tech security experts are warning holiday gift-givers and receivers to be wary of risks that internet-connected devices and home appliances could pose to home security – particularly when many are working from home as the pandemic continues.

And, said BC Hydro today (Dec. 11), a survey shows electronics use is expected to be at an all-time high this Christmas season. With people staying home, TV and movie viewing will be up.

“Adding to electricity use will be more electronic gifting – video game consoles, TVs, and cell phones are topping holiday lists this year,” the survey found.

“Headsets with microphones and ring lights are also in demand as more than half of British Columbians plan to have virtual family celebrations.”

And with those gifts come opportunities for cyber crooks to get access to home networks. 

Moreover, it’s not an issue for Canadians to take lightly. UK-based Uswitch reported this month that Canada ranks third in the world for incidents of data theft after the United States and South Korea with almost 92 million data breach cases since 2013

Cyberdetectives Derek Manky and Chris Dawson said many devices, if not set up with security top of mind, can offer cybercrooks an open door into home networks and expose personal data as well as data from home-working situations to data theft problems.

Those devices range far beyond just smartphones now. They could include things such as robotic vacuums, smart TVs or fridges, anything that connects to a home network.

Manky, chief of security insights and global threat alliances at Fortinet’s FortiGuard Labs in Burnaby, said a proliferation of devices connected to home Internet raises the number of potential vulnerabilities sought by cyber crooks. He suggested a slight amount of paranoia should go into configuring and using devices – including those using the so-called Internet of things (IOT).

The IOT is a system of interrelated devices, digital or mechanical machines. Each has a unique identifier and has the ability to transfer data over a network without human-to-human or human-to-computer interaction.

Most have default Internet settings and passwords which should be reset, Manky said.  People not resetting those defaults are something cyber crooks count on, making breaches easier.

Without that basic level of protection, Manky said, “that device could be open to attack. That device could be used as a springboard to the rest of the network.”

“IOT devices are a major target for threat actors,” he said. “They look for vulnerabilities. They look for default passwords,” added Dawson, threat intelligence lead for California-based global online security firm Proofpoint.

He spoke from his U.S. home on Vashon Island south of Victoria.

Both Manky and Dawson said buying devices that come with the offer of future software upgrades or patches are a key part of home cyber hygiene.

And it’s a worry, Dawson said, because home network vulnerabilities can grow into corporate network vulnerabilities with people working from home.

So, that drone with a bow on it under the tree could open the door to corporate data theft for cyber crooks using your own wifi. And, such devices often come with a control app for a phone. Be careful there as well, and read the user agreement, Dawson said.

“I wish more people could fall into this paranoid mindset,” he said.

Another level of protection Manky and Dawson agree on is with home routers. They can be segmented for different uses, something both recommend. And certainly don’t leave routers on default settings, they said.

“Basic Internet hygiene is really important,” Dawson said.

push icon
Be the first to read breaking stories. Enable push notifications on your device. Disable anytime.
No thanks