Connected Devices: Holiday 2015 Security Roundup

Looking for something to get a tech lover this holiday season? Do a quick search and gift guide after gift guide pops up, all claiming they’ve got the perfect gift for the IT admin or tech hobbyist who has everything. The problem? When it comes to connected devices, most holiday roundups focus on function over frontline defense, speed and mobile security. Here’s a list of the best (and worst) devices for that special, technical someone.

Toys and Cameras

Want to drive techies wild? Get them a Wi-Fi-enabled toy for their child or a camera-equipped baby monitor. Why? Because the companies making these devices are often more concerned with time to market than ensuring a secure connection, meaning there are often gaping holes in cybersecurity even after toys and gadgets are loose in consumer wilds.

Consider problems discovered in a child’s doll: TechNewsWorld reported that security researchers discovered it was possible for cybercriminals to not only access system information, Wi-Fi network names, MAC addresses and account IDs, but also change the prerecorded MP3s played by the doll in response to questions.

There are also problems with connected camera devices such as baby monitors. Several stories surfaced this year about monitors’ audio or video streams being hacked and causing panic for parents. According to CSO Online, in fact, security firm Rapid 7 found every monitor it tested earlier this year had “significant security problems,” such as the complete absence of data encryption, which made exploiting any vulnerabilities “trivial” for a competent cybercriminal.

Bottom line? Connected toys and baby monitors might be funny as a gag gift, but otherwise expect techies to grimace, force a smile and then recycle the gift rather than run the risk.

The Gray Area

A potentially viable gift idea this holiday is something like the Amazon Echo, which connects to the retail giant’s cloud and allows users to ask it virtually any question simply by saying “Amazon” or “Alexa” in the same room as the device. The more questions asked, the more accurate the responses and the better its overall performance.

As noted by SlashGear, there are concerns over the process of background listening even when users haven’t turned on the device, along with worries about how long Amazon keeps query data — ostensibly used to better understand user questions. The bottom line? Connected devices like Echo, along with other question-and-answer devices, are a gray area.

Think of them like iPhone’s Siri: If the intended recipient thinks the virtual assistant is a bridge too far when it comes to privacy, best to skip the Echo and opt for a nice gift card instead.

Connected Devices: The Possible Contenders

So what’s out there for techies that won’t make them go crazy with worry? There are a few options.

Secure Smartphones

If you’re looking for a secure smartphone, the Blackberry PRIV is a good choice. The Canadian smartphone company is pushing its newest model — and first Android phone — as one of the most secure options on the market. According to Softpedia, key security benefits include signed digital keys at the manufacturing level to ensure device integrity, improvements to the Address Space Layout Randomization (ASLR) security method independent of Android versioning and Pathtrust utility designed to prevent untrusted code from breaching the device via malware.

Secure Routers

Security for routers is all over the map, with some companies making it easy for cybercriminals to gain access unless settings are changed while others take the time to lock down specific features before shipping these devices to consumers. As noted by Computerworld, the D-Link DIR860L router is one of the better choices on the market, with solid CAPTCHA protection against password guessing — it isn’t fooled by changing browsers — and support for HTTPS. In addition, it’s possible to schedule Wi-Fi connectivity and block local HTTP remote access by enabling LAN-side HTTPS.

Secure Printers

One option for a secure printer is the cloud-enabled Samsung MultiXpress 3, which forgoes standard printer drivers in favor of cloud access to make document printing and sharing as simple as possible. When it comes to security, users can choose to input a local PIN or release documents wirelessly via Samsung’s near-field communication (NFC) technology.

Nymi Band

The Nymi Band is available as a discovery kit right now, making it the ideal gift for developers looking to get their feet wet in wearables. The big idea? Using an individual’s unique electrocardiographic (ECG) signature to act in place of passwords or PIN numbers. While the Nymi looks like a fitness tracker, the hope is to leverage it as a conduit between mobile devices and secure access points to provide an authentication token that can’t be replicated or faked. Will it pay off? That’s up in the air right now, but this is an outside-the-box tech gift security lovers won’t expect.

Connected devices are a hot commodity, but burgeoning Internet of Things (IoT) infrastructure and the drive for decreased time to market conspire to make many of these gadgets insecure at best and severely vulnerable at worst. This holiday season, steer clear of toys and cameras, ask for opinion before choosing a connected voice device or opt for devices with better-than-average security features.

Contributor'photo

Douglas Bonderud

Freelance Writer

A freelance writer for three years, Doug Bonderud is a Western Canadian with expertise in the fields of technology and...