Holiday gifts: Beware of those that can spy on you
When it comes to high-tech toys and gadgets as gifts, consumers concerned about privacy should be wary. Some products can be hacked and used to track the owner's whereabouts, or take private videos or images and share them online.
That led researchers at Mozilla, the open-source software development group behind the Firefox browser, to answer this question: What could go wrong when a connected product comes without encryption, needs to use a password or doesn't delete stored data? To find out, they took a look at 70 products that could make for gifts -- and security risks -- this holiday season.
In a shopping guide released on Wednesday, Mozilla found just under half, or 33 of the products, met its minimum security standards. They include five basics: The product must use encryption; the maker must provide automatic security updates; if a product uses a password, it must be a strong one; the maker must have a way to manage security vulnerabilities found in its products; and it must have an accessible privacy policy.
The remaining 37 products did not meet Mozilla's security bar, or the results on them were inconclusive.
Here's the rundown of some of products deemed unworthy of Mozilla's minimum standards to address privacy concerns:
The Amazon Kindle, which retails from $79.99 to $249.99, can't spy on you because it doesn't have a camera, microphone or tracking device. But because it doesn't require you to change the default setting of no password, someone could easily swipe the reading device and buy the complete set of Harry Potter, sending you the bill.
This petcam from Wagz retails for $169.99 and includes an app that shares all your furry friend's activities to social media. What could go wrong? "Bad people could hack in, spy on you like you spy on your dog, then post creepy pics to your social media," according to the guidebook.
Made by zerotech, this $169 drone is among the cheapest and smallest -- it'll fit into many pockets. Now for the bad news:
"This drone doesn't seem to meet our minimum security standards and we couldn't find a privacy policy," said Mozilla. "Both are bad news when it comes to a flying HD camera and app on your phone. All your pretty videos could easily be taken by someone else."
This little Wi-Fi connected dinosaur listens to questions, gives age-appropriate answers and grows with its owner over time. It retails for $59.99 from CogniToys, which told Mozilla the toy "uses encryption for all audio traffic and in fact each one uses unique keys, which are also cycled per session per device." However, you aren't required to change the default password, and you'd need a 14th-grade reading ability to understand the privacy policy.
Of six toys marketed to children that Mozilla tested, it was able to compromise the security of five.
Devices meant to protect your home and family can work both ways, it seems.
The FREDI Baby Monitor "has a history of being easily hacked, uses a default password of '123' and doesn't have a privacy policy" that Mozilla could find from its manufacturer. "This product does a seemingly poor job protecting privacy and security. Potentially, someone could access the video feed during private moments and spy on your family," according to Mozilla.
The latest baby monitor hacking incident involves a $34 FREDI wireless baby camera monitor, used to spy on a South Carolina mother and baby earlier this year.