Tips & Advice

Buyer’s guide to IoT gift-giving

Martin Hron, 20 November 2018

Start your smart device shopping here.

This holiday season, you can count on just about everyone to shop smart, and I mean that in both senses of the phrase. Everybody wants to get the best deals and the most bang for their buck, yes, but I’m also talking about the internet of things, those smart devices of every form and function that currently dominate the holiday catalogs of Walmart, Target, and every other big-box department store. With Amazon launching a whole new line of Alexa products, including a digital assistant for your car, a voice-controlled microwave, and even a “smart plug,” we can now fill our homes with enough gizmos and gadgets that we’re beginning to resemble The Jetsons.

IoT devices are wondrous tools, enhancing our creature comforts by marrying them with our digital world. But therein lies their darker side as well. Every device you connect to the internet creates a doorway into your home, and you want the best security around every one of those doorways to be tight and dependable. Your personal info, your identity, and your safety could all be at risk, and that is not over-dramatizing. So how do you know which devices to trust? Which ones are good deals, and which ones are not?

If you’re thinking about buying a connected device for a loved one – or even yourself – this shopping and security guide is a must-read.

When IoT goes wrong

The tricky thing about IoT devices is that they really do serve as the perfect attack vectors. They expand the attack surface of your home by creating the doorways mentioned above, and they do it “under the radar,” as it were, since the general public doesn’t fret too much that they’ll be attacked through their baby monitor or smart thermometer.

But sadly, cybercriminals know all too well that it’s possible. In fact, that’s exactly what’s been happening.

Like something out of the next Oceans 11 film, cybercriminals infiltrated a casino through the smart thermometer in one of its aquariums. Who would have thought that this simple device, being used only to make sure a few fish have water that’s warm enough, could be used to burrow into the casino’s most top secret database? When everything is connected, everything is accessible.

In June this year, a mom in South Carolina discovered with horror that spying eyes were watching her breastfeed her baby through her baby monitor. And just this October, a Long Island mom learned that a stranger was watching her five-year-old son through their Nest cam when the stranger started speaking to the boy through the device. These home violations can be terrifying and traumatic, and they underscore the necessity for tight IoT security.

popular-iot-devicesPopular IoT devices for smart homes

How to choose the best IoT devices to gift, even for yourself!

Like the retail industry, the IoT universe consists of a great number of excellent products and an even greater number of less-established knockoffs. These better-priced-yet-sometimes-inferior products are tempting to buy, but the low cost to your wallet may translate to a high cost to your privacy if you purchase a cheaper version that has poor security.

Before buying any IoT device, check this list and check it twice:

  1. Compare the price — Check the price of the device against other comparable products. If it’s in the same ballpark, that’s a good sign. If it’s drastically lower than its competitors, you have to wonder why and dig a little deeper.

  2. Look at the brand — If it’s not a well-known brand, look it up to see which retailers sell it. Then, on the manufacturer’s web pages, look at how much info you can find on the device: do they support it, what are the tech specs, do they mention future software/firmware updates, when was the last time they issued updates, etc.

  3. Observe the website’s design — Does the manufacturer in question use http or https? The more security-conscious products will definitely use https, the internet protocol that encrypts the connection between you and the website. Note: here, we’re talking about the security of the product’s website, not the product itself. But the effort the company does or doesn’t put into website security could be indicative. Also, if the specific product being considered has management pages or a portal on the internet and the login page uses HTTP, pull back and re-consider your purchase.

  4. Review the capabilities — What info does the device collect? Does it use a microphone or a camera? Consider the data it will access so that you understand the risk involved, should that info get compromised. And ask yourself if it makes sense that the device accesses that info. If not, think again about whether you really need the device.

  5. Check out the CVE details — CVE stands for Common Vulnerabilities and Exposures, and there is a site available for public reference that lists manufacturers and all known vulnerabilities associated with them. Look up the maker of the device you’re considering on the CVE vendor page. Check for any reports of high-security vulnerabilities. Poke around further on the site to look up specific versions of specific products.

  6. Look up user reviews — If there are any available, read user reviews on the product. Check the rating and number of downloads to get a sense of whether others praise it or have had problems with it. Look at both positive and negative reviews — do they seem like they are real reviews with enough detail that makes sense, or are they one-word reviews just giving it 4 or 5 stars?  

  7. Consider the setup process — Does it mention anything about security? Does it suggest you change the default password to something complex? If the setup process basically instructs you to turn it on and let it go, without any mention of security and protection, it could be a red flag.

The bottom line here is that if the device is not made by a well-known brand and if it’s priced much lower than comparable products, you should dig deeper to see if anything leads you to believe it’s not a company you can trust. Follow the suggestions above to identify more tell-tale signs of whether the product you’re considering is a yay or a nay.

Comparison shopping for IoT devices

smart-home-assistant-devices

For an example of comparison shopping for IoT devices, check out these charts. We looked at the latest voice assistants, wearable fitness products, smart doorbells, smart speakers, and even smart vacuum cleaners. We compared support, capabilities, and price, and made sure to include at least two lesser known products in each list.  

You’ll see that a lot of the alternative products do not have a full website, do not have easy-to-access support, and in many cases there is no “how to update” or general update information available. These could be clues that in the long term you won’t receive technical support or future updates (one of the best ways to ensure the security of IoT devices over time).

This is not a guarantee of 100% security, nor are we endorsing these products, but the information below may make you think twice about your purchase, whether it’s for your loved one or yourself.

Voice assistants

Item Price Function Capabilities Support Updates
Google Home Hub $149 All-in-one voice assistant where you can control all other smart devices and use everything on one screen Built-in microphone, Bluetooth, Wi-Fi connectivity, works with Android, iOS, Mac, Windows, Chromebook Support page offers live chat, FAQ articles, phone numbers, call-back functions to avoid waiting in long lines, and social media accounts that post updates. Update page
Amazon Echo Plus $149 New generation Amazon voice assistant that focuses on higher quality sound. Pairs with Amazon Alexa and works in your home as a typical voice assistant would Built-in audio input/output configured in the app, Wi-Fi connectivity, compatible with Fire OS, iOS, and Android devices Support page links to Contact Us and Ask the Community, which requires an Amazon account
iLive Voice Activated Amazon Alexa Portable Wireless Fabric Speaker $60
Alexa-enabled smart speaker that can play any music app that can be accessed via the iLive app. 

Alexa-enabled, app-controlled, Wi-Fi connectivity, pair multiple speakers to create cohesive sound
Links from support page simply go to the product pages, not to any more information
No information about software or firmware updates
DreamWave Genie $60 Smart speaker that can be used with Amazon Alexa, Google Now, Siri, and Cortana in any language supported by the voice assistants. 
Bluetooth, Wi-Fi Connectivity
Support page only has a warranty registration and a refund request page
No information about software or hardware updates

Wearable IoT

Item Price Function Capabilities Support Updates
Apple Watch Series 4 $399
Wi-Fi or cellular connected smart watch. Has most, if not all, of the features that comes with iPhone
Wi-Fi compatible, cellular compatible with specific purchased models, GPS, connects with iPhone, and has more features specific to health, exercise, etc. Support page has all international numbers listed, an online chat option, ability to set up an in-store appointment, online store help, and accessibility help Update page
FitBit Charge 3 $149.95
Smart watch that tracks sleep patterns, health, fitness, and more.
Bluetooth, phone syncing when nearby, automatic syncing, plus all health features Support page has a dedicated Twitter channel for support, live chat, phone number, FitBit community, and troubleshooting Page that links to all types of Fitbits with software update details
Vipus Fitness Tracker Watch $24.99
Smart watch with heart rate monitoring feature  
Bluetooth, smartphone compatible, app-controlled
No website available 
No website available 
Fixm IP67 Waterproof Fitness Tracker $20.99
Smart watch that is a cheaper version of many others in the market, enticing because it offers many features the leading brands offer, but no website besides Walmart has any information about this product
Bluetooth, smartphone compatible, app-controlled
No website available 
No website available 

Smart doorbell

Item Price Function Capabilities Support Updates
Ring Video Doorbell $99 Video doorbell that connects with an app to show who is at the door Two-way talk with noise cancellation, video, works with Android, iOS, Mac, and Windows 10, WiFi connectivity, motion detection Phone number to call for support 24/7 and article section dedicated to trying to find the problem before needing to call Update page
Nest Hello $229
Video doorbell with optional facial recognition, integrates with other Nest products and Google Home speakers
Video recording, motion and sound alerts, Wi-Fi connectivity, audio capabilities
Contact page has full support options for each specific product, also Twitter, phone number, live chat, email, and Ask the Community features

Products keep themselves automatically updated when connected online
 
Support article lists all versions of products and how to update each one
Smart Wireless WiFi Visual Doorbell $36 Video doorbell with Wi-Fi connectivity, no brand name associated with it
Wi-Fi connectivity, video and audio, app-controlled
No website available 
No website available 
$74.95 Video doorbell 
Video camera, app-controlled, Wi-Fi connectivity, requires phone to operate it
Website with support center No information online regarding software or firmware updates

Smart speakers

Item Price Function Capabilities Support Updates
Sonos One $199 Amazon-enabled smart speaker; plays music, radio, podcasts and more; stereo pairing, airplay compatible with iOS devices
Wi-Fi connectivity, requires connection to separate Amazon devices (Echo Plus, Echo Dot etc.), compatible with Fire OS, iOS, and Android devices
Support page links to Contact Us and Ask the Community, requires Amazon account
Update page links to all current software on all Alexa devices
Amazon Echo Sub $129.99
Smart speaker that can be used with a compatible Echo device to boost audio

Wi-Fi connectivity, requires connection to separate Amazon devices (Echo Plus, Echo Dot etc.), compatible with Fire OS, iOS, and Android devices
Support page links to Contact Us and Ask the Community, requires Amazon account
 
Update page links to all current software on all Alexa devices
Bose Home Speaker 500 $399
Amazon-enabled smart speaker with with Alexa voice control built in
Wi-Fi and Bluetooth connectivity, Amazon Alexa compatibility, app-controlled
 
Many options for how to resolve issues (articles, picking specific products, and more)
 
Plus specific firmware and software update info in Support articles on the website
Jensen JSB 1000 $130 Smart speaker that works with Alexa or Google
Bluetooth, Wi-Fi connectivity, Google Chromecast

No website available 
No website available 
TicHome Min $100
Splash-proof mini speaker that pairs with Bluetooth and uses Google Assistant
Bluetooth, battery- operated, Google Assistant built in
Support page that requires you to submit a question if not featured in the FAQ
No mention of software or firmware updates

Smart robot vacuum cleaners

Item Price Function Capabilities Support Updates
Neato Botvac D3 Connected $399.99
Connected robot vacuum that  vacuums your floors, and can be controlled via an app

Wi-Fi connectivity, app-controlled, Amazon Alexa and Google Home compatible via voice control      

Support page includes videos and how to articles

Contact page includes phone numbers, email, and live chat options 

iRobot Roomba 890
$399.99 Connected robot vacuum that vacuums your floors and can be controlled with an app compatible with most smartphones Wi-Fi Connectivity, app-controlled, works with Amazon Alexa and Google Assistant  Support page Update page
Ecovacs Robotics Deebot N79S $149 Connected robot vacuum cleaner that vacuums your floors Wi-Fi connectivity  Support page 
Could not find support articles on firmware updates on support site for the N79S
Tesvor Robot Vacuum Cleaner $189.99 Connected robot vacuum cleaner that vacuums your floors  Wi-Fi connectivity No support page on website that we could find No software update info available online

Securing your IoT device

Okay, so let’s say you did your homework, made a purchase, and presented your gift to the lucky recipient. Your work as a gift-giver is not over yet. The next crucial step is to remind them (including yourself and your family members) that setting up the device with strong security is a non-negotiable. Bookmark this blog post and follow these final essential steps for top IoT security:

  1. Change the default password on the device to something uncrackable. Use these best practices for passwords to concoct your own. If the device allows for 2FA (two-factor authentication), enable it.

  2. Do the same as above to your router. When you add a new device, it’s a great reminder to change your router’s password at the same time. And if it too allows 2FA, enable it. (If you’ve never changed your router’s default password, please drop everything and do so immediately.)

  3. Watch for updates for your device’s software or firmware, and install them as soon as they become available. This will keep your device running at optimum performance with the highest security. It’s worth noting that devices such as the Amazon Echo and Google Home Assistant automatically update the software or firmware without any action required by the user.

Once the holiday season is behind us and the decor is placed back in the attic, households all over the world will contain more IoT devices than they do now.

Attack surfaces are increasing, but that doesn’t have to deter you from enjoying these wonders of the modern world. As long as you choose your IoT purchases carefully and accept the responsibility of setting up their security, you can deck the halls merrily with the coolest holiday gifts of the season.