Our tech team take a look at the top technology gadgets with security flaws you should perhaps avoid this Christmas.
1: The Fridge that Leaks (Your Gmail)
Samsung’s luxury smart fridge is here. The spacious, stainless steel model shown above, with its French doors and large freezer below waist height, looks at first like a fantastic gift.
But the major selling feature that sets it apart from other luxury fridges is its built-in, 8-inch Wi-Fi enabled LCD screen. Taking pride of place on the front of the refrigerator door, right where you’d put a note to yourself, a recipe or a family to-do list, the LCD screen syncs seamlessly with a Samsung J6 phone and lets you follow recipes on YouTube or websites and do grocery shopping online while you’re looking at the fridge. You can even place a phone call through the fridge.
Even if you don’t have a Samsung phone, you can listen to music through Pandora, check the news through the Associated Press app, and check the weather with Weatherbug.
In fact, there’s just one flaw with this high-end, luxury fridge. It leaks.
Specifically, it comes with a security flaw that leaks your Gmail credentials.
The embedded LCD screen has a calendar function through Google Calendar, and when it syncs with Google Calendar, it’s supposed to use SSL encryption.
It does, but it doesn’t validate the certificate the server presents, meaning the fridge has no way to know if the SSL certificate is real or false.
If it’s false, the fridge’s owner isn’t protected.
Ken Munro, Pen Test Partners security researcher, explains: ‘While SSL is in place, the fridge fails to validate the certificate. Hence, hackers who manage to access the network that the fridge is on (perhaps through a de-authentication and fake Wi-Fi access point attack) can Man-In-The-Middle the fridge calendar client and steal Google login credentials from their neighbours, for example.’
Scary stuff: Wi-Fi networks can be probed from across the street, and they’re the first port of call for hackers because they’re rife with security flaws in their own right.
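The difference between "SSL is in place" and "the certificate is validated" comes down to two client settings. The following is an added example, not Samsung's code or anything from the original research; the function names are hypothetical, and it uses Python's standard ssl module to audit a fridge-style client configuration, a common half-fix and the library's safe defaults:

```python
import ssl

def fridge_style_context():
    # Constructed stand-in for the behaviour described above:
    # traffic is encrypted, but nothing about the peer is verified.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted, forged or not
    return ctx

def half_fixed_context():
    # Incomplete fix: the chain is verified but the hostname is not, so a
    # valid certificate issued for a different site would still be accepted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx

def hardened_context():
    # Library defaults: CERT_REQUIRED, hostname checking, system trust store.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit(ctx):
    """Return the validation gaps found in a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings

def report():
    """Audit all three configurations and return findings keyed by name."""
    builders = {
        "fridge-style": fridge_style_context,
        "half-fixed": half_fixed_context,
        "hardened": hardened_context,
    }
    return {name: audit(build()) for name, build in builders.items()}

if __name__ == "__main__":
    for name, findings in report().items():
        print(f"{name}: {findings or 'OK'}")
```
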
So what can you do?
Until Samsung fixes the security flaw and makes sure your Gmail is safe, if you’re thinking of buying a loved one a fridge for Christmas, make sure it’s not this model!
2: Laptop with Remote Control (For Hackers)
In fact, this isn’t just one laptop. Instead, it applies to a host of top-flight laptops and other computing gear, not just the £1,559.99 Lenovo ThinkPad P52 above.
Most high-end computers use Intel chips, and Intel was recently hit with two security scandals when its chips were found to have security flaws, termed ‘Meltdown’ and ‘Spectre’, which allowed one program to steal data from another running program.
Scary stuff, but it’s not the worst news for Intel and their users. In a separate incident, Finnish researchers discovered a much more serious security flaw in Intel’s Active Management Technology. This technology is found in millions of laptops worldwide, especially professional, top-end ones, and it’s intended to give managers access to their employees’ devices via a separate chip that isn’t accessible to the main user.
Finnish security firm F-Secure said in January this year that the flaw was of an ‘almost shocking simplicity, but its destructive potential is unbelievable,’ and that ‘in practice… could give a hacker complete control over the affected laptop, despite the best security measures.’
The good news is, a hacker would need physical access to the device. But afterwards, they’d have the whole machine on remote control and could access it any time and make it do anything they want.
At that point, even the best cybersecurity measures — full disk encryption, VPN, firewalls — can’t make you safe.
So if you’re thinking of buying a loved one a laptop this Christmas, the chips to avoid are Intel’s new Xeon chips, and any device with AMT!
3: The Baby Monitor (That Others Can Monitor Too)
The Fredi baby monitor is an upscale solution to the problem of keeping an eye on your little ones — without having to always be in the room. It’s a best-seller in its category, and with its sleek looks and slick, phone-synching functionality, it’s easy to see why.
But it’s a security and privacy nightmare. Fredi doesn’t seem to have a privacy policy — at least, not one that Mozilla could find; and it has a history of being really, really easy to hack.
In the past, Fredis have been hacked and used to spy on parents and kids: the victim of one hack, Jamie Summitt, told ABCNews4: ‘my son is only 3 months old, and God knows what kind of images and videos out there of both of us and intimate moments.’
It’s vulnerable partly because it doesn’t use encryption of any kind, sending data across unsecured Wi-Fi without any additional security; break into the Wi-Fi or hack the router and you’re in. Or maybe it’s because it comes with a default password of ‘123.’
Whatever the reason, get a Fredi and you could be starring in your own movie, without even knowing it.
Security lags behind design, performance and every other element of a great product. The result can be products that are great in every other respect but have an overlooked or unpredictable security flaw. And it can be products that just don’t pay any attention to security at all, and hope that nothing goes wrong.
Whatever the reason, don’t run the risk: do your research on security as well as features, style and function, and don’t buy a loved one a security trap this Christmas.