Suddenly it’s the season of peace and joy and goodwill toward men, but last week the world was filled with scammers as well. And they just don’t seem to get that holiday feeling.
The Internet Society and Consumers International are warning holiday shoppers about dangers lurking within Internet-connected devices.
The groups have released a video spoofing a QVC-type channel’s sales pitch for a darling (and fictitious) baby monitor called Buggle Baby that can be used by cybercriminals to spy on the family that put it in their infant’s room.
“Because it connects online and it’s super easy to hack, the camera and speakers can be controlled by total strangers online!” says Joy the hostess, with the perky sales voice that makes that seem like a desirable feature. “Wow! That is terrifying!” responds her equally bubbly co-host Steve.
“But there’s more,” says Joy. “It can also be used to access other smart devices in your home. Like, if you’re watching TV, they can be watching -- and listening -- to you.”
The cost? “Your privacy, your piece of mind, your savings…"
The thing is, there are millions of potentially vulnerable Internet-of-things devices that can turn on you -- fitness trackers and thermostats, routers, even “smart” light bulbs. In 2017, Gartner research estimated there were 8.4 billion Internet-connected items in the world. By 2020, it predicts 20.4 billion. Some of them are trouble waiting to happen.
Many manufacturers take precautions, like requiring you to set a new password when you purchase the unit. But many don’t, and many consumers don’t know or don’t care. That’s what the Internet Society and Consumers International are trying to change.
“There are thousands of items being transported to this country right now that are vulnerable,” says Jeff Wilbur, technical director of the Internet Society’s Online Trust Alliance -- not trying to be alarming, but as a way of saying the problem is common and continuing. “It’s not super-sophisticated hacking.”
Earlier this year, Amazon and other merchants quit selling CloudPets plush toys that let kids record their parent’s voice. But cybersafety experts worried the unprotected bluetooth in the unit could allow a criminal to record audio, or to take over the voice controls Potentially that voice could convince a little kid to do a lot of bad things. Credit Mozilla for flagging the dangers of the toy to Amazon, Target and Walmart, and getting it off the market.
Unfortunately for consumers, Wilbur points out, this is a problem nobody is doing a lot to solve. “You have to to do your own homework,” he says.
The Internet Society provides a good, concise guide for consumers on its website, suggesting they update passwords, turn on strong encryption (you can turn on various levels) and check online reviews and the device's instructions to see how dangerous their personal “Buggle Baby” devices might be.
Wilbur says the video, on YouTube, is mainly intended for consumer and community groups that pay attention to such things. There’s no TV campaign, though he agrees it would be a good message to deliver to local TV stations’ consumer-oriented newscasts.
And while the website gives guidance to consumers, it also is trying to help manufacturers, whose products “are rushed to market with the lowest possible cost with little consideration for basic security and privacy protections.” The group has created an “IoT Trust Framework” for manufacturers and marketers.
Though it’s comparatively little known, the Internet Society has been around since 1992 and among its missions is advancing the development and application of Internet infrastructure, technologies, and open standards. The British Consumers International is an umbrella group for 250 consumer groups in 120 countries.