The year-end shopping festival has dawned and almost every other person wants to indulge in online or offline shopping for various goods. With digital brands making lucrative offers for Black Friday and Cyber Monday, it’s hard to resist buying a piece of smart tech for yourself or for your house. Hackers have been using new methods to trick the end customer into buying a compromised product, or to siphon off your data through a phishing attack.
We always advise approaching a new purchase with a lot of caution, since there is a chance that threat actors have modified or tampered with a digital product for their own benefit.
Here are a few steps one should take before buying a smart device.
- Research the product online
Let search engines aid your research: just type in the name of the product and add keywords like “Hack”, “Security” and “Vulnerability” to your search. It should take you less than a few seconds to spot a security issue if there is one.
- Before you buy the product – Get the App
The application that controls the device is as important as the device itself. Hence, we advise downloading the app for Android or iOS, signing up and creating an account for yourself. It’s crucial to know whether they are playing it safe with the password you are going to create.
Try creating an account with a throw-away email and then set your password to something very simple, like the word apple, to see what happens next. If it is rejected for being too weak, try changing it to apple1 to see if that works. Unfortunately, if it works, it means that the manufacturer is not too serious about the security of your account.
- Always read the manual before buying
The product manual is always available on the manufacturer’s website; download it from there. Look for the section that deals with connecting the smart device for the first time. You need to know whether the device uses Wi-Fi and how you connect the app on your phone to the device. Do you have to press a button on the device to enable the Wi-Fi connection, is the Wi-Fi connection wide open without any password, or does it have the same password for all devices?
If the product uses Bluetooth, how do you connect your phone to the smart device, can you pair with the device automatically next time, and how many devices can be paired? Knowing how the product can be handled remotely can help you put together a precautionary strategy to prevent it from being hacked, or to put measures in place if it is ever hacked.
- Does the manufacturer take physical security seriously?
Scour the website and the product manual to check what the manufacturer says about the security of the device. Do they use words like Military Grade or Bank-Grade Encryption, or other technical jargon like AES 256? A responsible manufacturer would always mention whether their security has been independently reviewed and what other processes they follow to keep users’ data secure.
Another crucial thing is to check whether the makers have a bug bounty program, which would mean the manufacturer is seriously hunting down vulnerabilities in the device while hiring others to do the same, and working hard to devise patches for them.
- Implement a strong password
Needless to say, a weak password is the easiest way to hack an IoT device. Hence, it’s advisable to use a strong, complicated and unique password that you haven’t used anywhere else. To make things simpler, you can enlist the assistance of a password manager app, and check whether the device allows a two-step verification process.
- How to care for things post-purchase?
Once the purchase is made, keep checking for security fixes and patches. Ensure the phone you use allows the IoT app to check for updates, and apply them as soon as you get the notification. Keep updating the mobile app, and check for security fixes and other updates for the device as well.
IoT devices are now becoming the top target for cybercriminals, who are growing more eager by the day to get their hands on somebody else’s data. Follow the above-mentioned steps to secure your Black Friday and Cyber Monday acquisitions.