IoT gadgets dominate the holiday sales – and so do their security risks

The annual retail conventions of Black Friday and Cyber Monday have a long tradition of promoting the latest tech products ahead of Christmas. Internet of Things (IoT)-enabled products have become an increasingly popular mainstay of the sales rush, including virtual home assistants, wearable tech, smart toys and connected appliances.

However, as these connected products continue to dominate the holiday sales scene, they are also highlighting longstanding security concerns with IoT devices. Products are often found to be lacking even basic security safeguards, potentially exposing users to privacy invasions, cyberattacks, and even physical danger. 

Those who splurged on IoT-enabled devices in this year’s sales will need to be aware of potential new security threats against themselves and their employers.

About the author

Richard Hughes is Head of Technical Cyber Security at A&O IT Group 

How weak IoT security invites hackers into the home

IoT security vulnerabilities are extremely common, and our own investigators have found major flaws in everything from kettles to sex toys. There has been a steady cadence of IoT security breaches making the headlines over the last few years, including both the discovery of potential vulnerabilities and cases of actual exploitation.

One of the most prominent recent examples has been the Ring smart doorbell produced by Amazon. The device is ostensibly designed to help users with home security, enabling them to remotely access video and audio feeds from their smartphone, as well as receiving alerts when they have a visitor.

However, it quickly became apparent that Ring was lacking several important security features. The device is controlled by a mobile app, but the app did not set any limits on incorrect login attempts, nor did it notify users when there was a failed attempt or a successful login from a new location or device. This meant it was straightforward for a threat actor to brute-force their way into the user’s account and connect to the device. There were multiple examples of Ring devices being hijacked to spy on households, as well as the speaker function being used to harass and threaten people with physical violence. Connecting to a Ring device…
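
The controls the paragraph above describes as missing (a limit on incorrect login attempts, plus alerts on failed attempts and on logins from a new device) look like this in code. This is an added illustration, not Ring's or Amazon's code; the `LoginGuard` class, the `notify` callback and the thresholds are assumptions chosen for the example.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed threshold, not taken from the article
WINDOW_SECONDS = 300   # assumed sliding window for counting failures
LOCKOUT_SECONDS = 900  # assumed lockout duration


class LoginGuard:
    """Limits failed logins per account and alerts on failures and new devices."""

    def __init__(self, notify):
        self.notify = notify                   # hypothetical callback(account, message)
        self.failures = defaultdict(deque)     # account -> recent failure timestamps
        self.locked_until = {}                 # account -> time the lockout ends
        self.known_devices = defaultdict(set)  # account -> device ids seen before

    def attempt(self, account, device_id, password_ok, now=None):
        now = time.time() if now is None else now
        if self.locked_until.get(account, 0) > now:
            return "locked"                    # rejected even if the password is right
        recent = self.failures[account]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                   # forget failures outside the window
        if not password_ok:
            recent.append(now)
            self.notify(account, f"failed login from device {device_id}")
            if len(recent) >= MAX_FAILURES:
                self.locked_until[account] = now + LOCKOUT_SECONDS
                self.notify(account, "account temporarily locked")
                return "locked"
            return "denied"
        recent.clear()                         # a successful login resets the counter
        if device_id not in self.known_devices[account]:
            self.known_devices[account].add(device_id)
            self.notify(account, f"new device login: {device_id}")
        return "ok"
```

Per-account lockout on its own lets anyone lock the real owner out, so it is usually paired with per-source throttling or a second authentication factor.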