Start your smart device shopping here.
This holiday season, you can count on just about everyone to shop smart, and I mean that in both senses of the phrase. Everybody wants to get the best deals and the most bang for their buck, yes, but I’m also talking about the internet of things, those smart devices of every form and function that currently dominate the holiday catalogs of Walmart, Target, and every other big-box department store. With Amazon launching a whole new line of Alexa products, including a digital assistant for your car, a voice-controlled microwave, and even a “smart plug,” we can now fill our homes with enough gizmos and gadgets that we’re beginning to resemble The Jetsons.
IoT devices are wondrous tools, enhancing our creature comforts by marrying them with our digital world. But therein lies their darker side as well. Every device you connect to the internet creates a doorway into your home, and you want the best security around every one of those doorways to be tight and dependable. Your personal info, your identity, and your safety could all be at risk, and that is not over-dramatizing. So how do you know which devices to trust? Which ones are good deals, and which ones are not?
If you’re thinking about buying a connected device for a loved one – or even yourself – this shopping and security guide is a must-read.
The tricky thing about IoT devices is that they really do serve as the perfect attack vectors. They expand the attack surface of your home by creating the doorways mentioned above, and they do it “under the radar,” as it were, since the general public doesn’t fret too much that they’ll be attacked through their baby monitor or smart thermometer.
But sadly, cybercriminals know all too well that it’s possible. In fact, that’s exactly what’s been happening.
Like something out of the next Oceans 11 film, cybercriminals infiltrated a casino through the smart thermometer in one of its aquariums. Who would have thought that this simple device, being used only to make sure a few fish have water that’s warm enough, could be used to burrow into the casino’s most top secret database? When everything is connected, everything is accessible.
In June this year, a mom in South Carolina discovered with horror that spying eyes were watching her breastfeed her baby through her baby monitor. And just this October, a Long Island mom learned that a stranger was watching her five-year-old son through their Nest cam when the stranger started speaking to the boy through the device. These home violations can be terrifying and traumatic, and they underscore the necessity for tight IoT security.
Popular IoT devices for smart homes
Like the retail industry, the IoT universe consists of a great number of excellent products and an even greater number of less-established knockoffs. These better-priced-yet-sometimes-inferior products are tempting to buy, but the low cost to your wallet may translate to a high cost to your privacy if you purchase a cheaper version that has poor security.
Before buying any IoT device, check this list and check it twice:
Compare the price — Check the price of the device against other comparable products. If it’s in the same ballpark, that’s a good sign. If it’s drastically lower than its competitors, you have to wonder why and dig a little deeper.
Look at the brand — If it’s not a well-known brand, look it up to see which retailers sell it. Then, on the manufacturer’s web pages, look at how much info you can find on the device: do they support it, what are the tech specs, do they mention future software/firmware updates, when was the last time they issued updates, etc.
Observe the website’s design — Does the manufacturer in question use http or https? The more security-conscious products will definitely use https, the internet protocol that encrypts the connection between you and the website. Note: here, we’re talking about the security of the product’s website, not the product itself. But the effort the company does or doesn’t put into website security could be indicative. Also, if the specific product being considered has management pages or a portal on the internet and the login page uses HTTP, pull back and re-consider your purchase.
Review the capabilities — What info does the device collect? Does it use a microphone or a camera? Consider the data it will access so that you understand the risk involved, should that info get compromised. And ask yourself if it makes sense that the device accesses that info. If not, think again about whether you really need the device.
Check out the CVE details — CVE stands for Common Vulnerabilities and Exposures, and there is a site available for public reference that lists manufacturers and all known vulnerabilities associated with them. Look up the maker of the device you’re considering on the CVE vendor page. Check for any reports of high-security vulnerabilities. Poke around further on the site to look up specific versions of specific products.
Look up user reviews — If there are any available, read user reviews on the product. Check the rating and number of downloads to get a sense of whether others praise it or have had problems with it. Look at both positive and negative reviews — do they seem like they are real reviews with enough detail that makes sense, or are they one-word reviews just giving it 4 or 5 stars?
Consider the setup process — Does it mention anything about security? Does it suggest you change the default password to something complex? If the setup process basically instructs you to turn it on and let it go, without any mention of security and protection, it could be a red flag.
The bottom line here is that if the device is not made by a well-known brand and if it’s priced much lower than comparable products, you should dig deeper to see if anything leads you to believe it’s not a company you can trust. Follow the suggestions above to identify more tell-tale signs of whether the product you’re considering is a yay or a nay.
For an example of comparison shopping for IoT devices, check out these charts. We looked at the latest voice assistants, wearable fitness products, smart doorbells, smart speakers, and even smart vacuum cleaners. We compared support, capabilities, and price, and made sure to include at least two lesser known products in each list.
You’ll see that a lot of the alternative products do not have a full website, do not have easy-to-access support, and in many cases there is no “how to update” or general update information available. These could be clues that in the long term you won’t receive technical support or future updates (one of the best ways to ensure the security of IoT devices over time).
This is not a guarantee of 100% security, nor are we endorsing these products, but the information below may make you think twice about your purchase, whether it’s for your loved one or yourself.
| Item | Price | Function | Capabilities | Support | Updates |
| Google Home Hub | $149 | All-in-one voice assistant where you can control all other smart devices and use everything on one screen | Built-in microphone, Bluetooth, Wi-Fi connectivity, works with Android, iOS, Mac, Windows, Chromebook | Support page offers live chat, FAQ articles, phone numbers, call-back functions to avoid waiting in long lines, and social media accounts that post updates. | Update page |
| Amazon Echo Plus | $149 | New generation Amazon voice assistant that focuses on higher quality sound. Pairs with Amazon Alexa and works in your home as a typical voice assistant would | Built-in audio input/output configured in the app, Wi-Fi connectivity, compatible with Fire OS, iOS, and Android devices | Support page links to Contact Us and Ask the Community, which requires an Amazon account | |
| iLive Voice Activated Amazon Alexa Portable Wireless Fabric Speaker | $60 | Alexa-enabled smart speaker that can play any music app that can be accessed via the iLive app. |
Alexa-enabled, app-controlled, Wi-Fi connectivity, pair multiple speakers to create cohesive sound |
Links from support page simply go to the product pages, not to any more information | No information about software or firmware updates |
| DreamWave Genie | $60 | Smart speaker that can be used with Amazon Alexa, Google Now, Siri, and Cortana in any language supported by the voice assistants. | Bluetooth, Wi-Fi Connectivity |
Support page only has a warranty registration and a refund request page | No information about software or hardware updates |
| Item | Price | Function | Capabilities | Support | Updates |
| Apple Watch Series 4 | $399 | Wi-Fi or cellular connected smart watch. Has most, if not all, of the features that comes with iPhone |
Wi-Fi compatible, cellular compatible with specific purchased models, GPS, connects with iPhone, and has more features specific to health, exercise, etc. | Support page has all international numbers listed, an online chat option, ability to set up an in-store appointment, online store help, and accessibility help | Update page |
| FitBit Charge 3 | $149.95 | Smart watch that tracks sleep patterns, health, fitness, and more. |
Bluetooth, phone syncing when nearby, automatic syncing, plus all health features | Support page has a dedicated Twitter channel for support, live chat, phone number, FitBit community, and troubleshooting | Page that links to all types of Fitbits with software update details |
| Vipus Fitness Tracker Watch | $24.99 | Smart watch with heart rate monitoring feature |
Bluetooth, smartphone compatible, app-controlled | No website available |
No website available |
| Fixm IP67 Waterproof Fitness Tracker | $20.99 | Smart watch that is a cheaper version of many others in the market, enticing because it offers many features the leading brands offer, but no website besides Walmart has any information about this product |
Bluetooth, smartphone compatible, app-controlled | No website available |
No website available |
| Item | Price | Function | Capabilities | Support | Updates |
| Ring Video Doorbell | $99 | Video doorbell that connects with an app to show who is at the door | Two-way talk with noise cancellation, video, works with Android, iOS, Mac, and Windows 10, WiFi connectivity, motion detection | Phone number to call for support 24/7 and article section dedicated to trying to find the problem before needing to call | Update page |
| Nest Hello | $229 | Video doorbell with optional facial recognition, integrates with other Nest products and Google Home speakers |
Video recording, motion and sound alerts, Wi-Fi connectivity, audio capabilities | Contact page has full support options for each specific product, also Twitter, phone number, live chat, email, and Ask the Community features |
Products keep themselves automatically updated when connected online Support article lists all versions of products and how to update each one
|
| Smart Wireless WiFi Visual Doorbell | $36 | Video doorbell with Wi-Fi connectivity, no brand name associated with it | Wi-Fi connectivity, video and audio, app-controlled |
No website available | No website available |
| $74.95 | Video doorbell | Video camera, app-controlled, Wi-Fi connectivity, requires phone to operate it |
Website with support center | No information online regarding software or firmware updates |
| Item | Price | Function | Capabilities | Support | Updates |
| Sonos One | $199 | Amazon-enabled smart speaker; plays music, radio, podcasts and more; stereo pairing, airplay compatible with iOS devices | Wi-Fi connectivity, requires connection to separate Amazon devices (Echo Plus, Echo Dot etc.), compatible with Fire OS, iOS, and Android devices |
Support page links to Contact Us and Ask the Community, requires Amazon account |
Update page links to all current software on all Alexa devices
|
| Amazon Echo Sub | $129.99 | Smart speaker that can be used with a compatible Echo device to boost audio |
Wi-Fi connectivity, requires connection to separate Amazon devices (Echo Plus, Echo Dot etc.), compatible with Fire OS, iOS, and Android devices |
Support page links to Contact Us and Ask the Community, requires Amazon account |
Update page links to all current software on all Alexa devices
|
| Bose Home Speaker 500 | $399 | Amazon-enabled smart speaker with with Alexa voice control built in |
Wi-Fi and Bluetooth connectivity, Amazon Alexa compatibility, app-controlled |
Many options for how to resolve issues (articles, picking specific products, and more)
|
Plus specific firmware and software update info in Support articles on the website
|
| Jensen JSB 1000 | $130 | Smart speaker that works with Alexa or Google | Bluetooth, Wi-Fi connectivity, Google Chromecast |
No website available |
No website available |
| TicHome Min | $100 | Splash-proof mini speaker that pairs with Bluetooth and uses Google Assistant |
Bluetooth, battery- operated, Google Assistant built in | Support page that requires you to submit a question if not featured in the FAQ |
No mention of software or firmware updates |
| Item | Price | Function | Capabilities | Support | Updates |
| Neato Botvac D3 Connected | $399.99 | Connected robot vacuum that vacuums your floors, and can be controlled via an app |
Wi-Fi connectivity, app-controlled, Amazon Alexa and Google Home compatible via voice control |
Support page includes videos and how to articles Contact page includes phone numbers, email, and live chat options |
|
iRobot Roomba 890 |
$399.99 | Connected robot vacuum that vacuums your floors and can be controlled with an app compatible with most smartphones | Wi-Fi Connectivity, app-controlled, works with Amazon Alexa and Google Assistant | Support page | Update page |
| Ecovacs Robotics Deebot N79S | $149 | Connected robot vacuum cleaner that vacuums your floors | Wi-Fi connectivity | Support page | Could not find support articles on firmware updates on support site for the N79S |
| Tesvor Robot Vacuum Cleaner | $189.99 | Connected robot vacuum cleaner that vacuums your floors | Wi-Fi connectivity | No support page on website that we could find | No software update info available online |
Okay, so let’s say you did your homework, made a purchase, and presented your gift to the lucky recipient. Your work as a gift-giver is not over yet. The next crucial step is to remind them (including yourself and your family members) that setting up the device with strong security is a non-negotiable. Bookmark this blog post and follow these final essential steps for top IoT security:
Change the default password on the device to something uncrackable. Use these best practices for passwords to concoct your own. If the device allows for 2FA (two-factor authentication), enable it.
Do the same as above to your router. When you add a new device, it’s a great reminder to change your router’s password at the same time. And if it too allows 2FA, enable it. (If you’ve never changed your router’s default password, please drop everything and do so immediately.)
Watch for updates for your device’s software or firmware, and install them as soon as they become available. This will keep your device running at optimum performance with the highest security. It’s worth noting that devices such as the Amazon Echo and Google Home Assistant automatically update the software or firmware without any action required by the user.
Once the holiday season is behind us and the decor is placed back in the attic, households all over the world will contain more IoT devices than they do now.
Attack surfaces are increasing, but that doesn’t have to deter you from enjoying these wonders of the modern world. As long as you choose your IoT purchases carefully and accept the responsibility of setting up their security, you can deck the halls merrily with the coolest holiday gifts of the season.
1988 - 2024 Copyright © Avast Software s.r.o. | Sitemap Privacy policy