Are You Accidentally Gifting a Security Breach?

The holidays are a time filled with good food, visits from dear friends and family, and exchanging gifts with those you care about. However, to keep the season bright and merry, you need to be a little cautious during your next gift exchange, as many gifts can present some unexpected risks to your recipient’s security. Be mindful if you see the following items on someone’s wish list.

Digital Assistants and Smart Home Hubs
These little devices have made a splash as a useful household appliance, answering a user’s questions and controlling their various media. However, these nifty gizmos are always listening--literally. These devices rely on microphones that automatically activate, meaning that they hear everything you have to say. Imagine what a cybercriminal could do with the information they extract from them.

What’s worse, many of these devices now also come equipped with cameras, allowing a cybercriminal to effectively invade your privacy from anywhere.

While it may be a neat idea to take control of one’s environment through technology, it provides cybercriminals with the opportunity to take advantage of these devices as they victimize you, along with your family or staff. These devices can be used to spy on you and collect enough information to piece together your daily routine--invaluable intel for the criminal class. It’s important to keep this in mind if you are purchasing these devices for young children. Although Google and Amazon want to be on top of their security, it’s important to consider the lack of security awareness kids might have.

Connected Toys
While many of these devices may seem like they appeal to an older demographic, there are plenty of toys and games for children that are getting smarter. This also increases their creepiness factor, as hackers could use some toys--such as a Toymail Talkie--to communicate directly with children. Other connected playthings could provide hackers with details about a child’s life that are far too intimate. Edwin the Duck, a connected bath toy, could be used to extrapolate how often a child is bathed and when they are put to bed.

Smart Appliances
Of course, adults can have toys of their own in the form of appliances, and they are more and more frequently being built with smart capabilities included. We’re talking about wearables like fitness trackers and Internet of Things devices. Basically anything that connects to the Internet that isn’t a traditional computer or laptop would fall into this category. What isn’t always included is any sufficient security to keep these appliances from being made a part of a botnet. Furthermore, like digital assistants, these devices can easily collect data based on the activity around them.

DNA Testing Kits
This one may come as a surprise to many, but those kits that you send away with a vial of your spit may be the next major cause of privacy issues. After all, the product itself requires the most unique piece of personally identifiable information you have: your DNA. This specific data can quickly become valuable, especially for research purposes.

The agreements that you have to sign in order to use these services often have terms that grant the company permission to do as they will with your genetic data--which includes sharing a digitized version of this data with those who are willing to pay. While the Genetic Information Nondiscrimination Act of 2008 forbids the use of genetic data as a justification for discrimination-or firing someone because they have a predisposition to a condition-this kind of discrimination would be awfully hard to prove.

While the holidays should be a time of happiness, few things can put a damper on that happiness quicker than a security breach of your data. Mozilla has helpfully created a list of potentially risky products for consumers to reference as they do their holiday shopping.

So, what do you think? Is getting a good deal on an item for someone special worth risking a data breach? Let us know in the comments!