How to protect yourself against hacks on the hottest holiday gifts

An ABC7 I-Team Investigation

Jason Knowles Image
Friday, December 18, 2015
I-TEAM: Hacking gifts
I-TEAM: Some of your holiday tech gifts could be susceptible to hackers.

CHICAGO (WLS) -- The ABC 7 I-Team is investigating potential cyber breaches and hacks into some of the hottest gifts this season - find out what you need to know if you get a high-tech present.



They're anything from drones, home cameras and even children's toys - all connected to your Wi-Fi. It's estimated that there will be 21 billion of these devices in homes by 2020. They are also new targets - but the I-Team found out how you can avoid the being hacked for the holidays.



Thousands of cameras, hacked and streamed live on a Russian website, for the world to see. Tech experts at Keeper Security in Chicago showed us this pervasive problem.



"Right now we are actually looking at somebody's house in Chicago. Somebody's house they don't know it is on the Internet," said Darren Guccione, Keeper Security.



This industry website tracks hacks in real time - and shows dozens per minute.



Keeper says these are examples of how cyber thieves are accessing not only computers, but those Wi-Fi-enabled cameras and other IOT or "internet of things" devices - all hot gifts this holiday season.



"Anything that connects to the Internet, personal devices, toys, connected devices like smartwatches, Wi-Fi routers, smart TVs, virtually everything today we see that can connect to the Internet," Guccione said.



Guccione and other security experts say many of those devices are controlled by apps which can store your full name, birth date, home address and e-mail address.



"If a hacker gets into one of those core devices like your phone or like your PC or laptop, they now have access to what all of those other devices collected," said Stacey Conner, online safety expert at Intel Security.



All of these devices typically use applications that run on smartphones and tablets. So, if hackers breach those application, they could steal personal identifiable information.



Conner says if the app to this talking teddy bear were to get compromised, a hacker could even control what the bear says.



Last month the children's toy maker VTech said hackers may have accessed personal information of 5 million customers, including birth dates and names of those children. The company apologized and said it contacted affected users and suspended websites as a precaution.



Tech pros say even Wi-Fi-enabled rat traps or fitness trackers are targets.



"Things like medical conditions, heart rate, blood pressure, things like that. Once you download that, people can start taking a mosaic of your health. And if you think about out what cyber criminals really love, they love incredibly personal information," Conner said.



The company that makes the internet-connected rat trap, Vermin Alert, responded to an inquiry about safety with a statement: "We agree, with IoT devices users should be even more careful about selecting a strong account password since access to your account could give someone control over certain aspects of your home. They could even find out you have a mouse problem! Users with IoT apps on their phone should also make sure to keep their phone locked with a PIN, password or fingerprint. If your phone is unlocked and you lose it, someone could use the app to control your devices as well."



If you want these coveted gifts, you should strengthen passwords to at least eight characters and re-set the factory default passwords.



When possible, you should also use your fingerprint to access the paired apps, or what's known as two-factor authentication. That's when you have to verify a password using a code sent to your phone. But those options are not always available.



You can also get encrypted apps which store and manage passwords, like Keeper, so you can have different passwords without remembering them all.



We reached out to all of the manufacturers of the devices shown in this story. Two of them responded, agreeing that users should use safeguards.



One of the manufacturers, Foscam Camera, sent more information on securing Internet cameras, which can be found below.



Securing your Foscam Camera



1. Make sure your camera has the latest firmware installed. This firmwara protects against various types of online hacking and unauthorized access. You can download the latest firmware at www.foscam.us/firmware.html



2. Never use the default username or password for your foscam camera. Once your camera is installed. It is imperative to change both the default username and password. (the same applies for any device you connect to the internet. Such as your router or home automation system.)



3. Choose a username and password that is at least 8-10 characters of longer. Try to use a combination of lower-case and upper-case letters as well as numbers and special characters.



4. Change your default port to a port in the 8100 or greater range. Hackers often target default ports and you do not want to make yourself an easy target. By using a non-standard port it will make it more difficult for hackers to find your camera.



5. Check the logs of your foscam cameras often. Foscam cameras have embedded logs which allow you to see exactly which IP address are accessing the camera. You will be able to tell if an outsider has gained access to your camera.


Copyright © 2024 WLS-TV. All Rights Reserved.