Christmas arrives and with it the time to buy gifts. We approach our nearest shopping center or start surfing the Net to collect ideas. This year we want to buy something related to technology. Enough buying socks for everyone.
We have thought of buying our parents a video surveillance camera for their house. With it, they will be able to verify that everything is fine when they go to the mountains on weekends. So we open our browser, we go to the surveillance camera section of our favorite store and we choose the best sold, which also fits our budget. We select it and we send it right to the shopping cart.
For our 7-year-old niece, we have thought about buying the latest Barbie model, called Hello Barbie, which she can talk with. The doll recognizes the voices and maintains conversations with the child. This present will be a triumph, so we also put it in the shopping cart.
For her 10-year-old brother, we have in mind a smartwatch adapted for children. With it, he will be able to call his parents whenever he wants. In the same way, his parents can see where he is using the application. That’s all advantages!
These steps, which are more than common these days, can suppose a series of security problems that we are not aware of when making the buy.
For example, looking for information outside the store, we find that surveillance cameras can present several security problems. These range from using the same user and password for all cameras, so that once someone accesses this information, he can connect to all the cameras of that model. Or sending the videos of the camera to see them to servers in foreign countries, where nobody can know what is done with them. And that’s just the tip of the iceberg, taking into account the number of surveillance cameras that are currently broadcasting videos of private places and that are available to anyone with a simple mouse click, as for example on http://www.insecam.org/en/bycountry/ES/
Now let’s talk about Hello Barbie. It’s the latest in technology considering that any girl of that age would want to talk to Barbie and have her answer. In this case, according to experts who have spoken with its manufacturer Mattel, there are no security problems that allow other unknown people to access the data that the toy keeps, as it happened with “My Friend Cayla”. That does not mean there are no privacy problems. In the best of cases, the toy keeps your child’s conversation in an unknown place, usually a large computer with lots of space, but from which the buyer has no information, such as its location. And who assures us that in addition to the child’s conversations, the doll does not record all the conversations in the environment? or if once stored in an unknown country, with laws that we do not know, that this information cannot be sold to third parties without having any legal power on it?
Last, but not least, the smartwatch for children allows making or receiving calls from previously saved numbers as well as locating the watch thanks to an application. Obviously, this is a very useful gift in certain situations. The problem arises when a gift that is supposed to help us keep our children safe, it does precisely the opposite instead. Several of these watches have been banned from sale in other European countries, such as Germany. Examinations carried out by experts showed that these devices had serious security problems. They went from being able to obtain the location of the clock without permission, to being able to activate the microphone without any notification, including being able to make calls to the clock simulating to be the parents’ telephone. By the way, some copies of those watches are still sold in Spain without any type of control.
So before buying technology this Christmas you have to follow some simple steps:
- Find information about the product before buying it, in the comments of the store where you are going to buy them or in your favorite search engine.
- If the product comes with a camera or a microphone you distrust, ask yourself if you really need those features.
- If it has an application, download it before you buy the product. If to use that application you can use any password, even if it is short, for example, then do not trust it. If you do not need to use a password, dismiss it directly.
- Read the manual that is usually available on the product page. If you can connect to the product using wifi, confirm that they ask you for a password. If it uses Bluetooth, confirm that it asks for a PIN code. If the documentation does not specify anything related to security, directly discard the product.
Article written by Luis Cuervo, Security Manager at Barbara IoT.