7 On Your Side: Online gift dangers
WASHINGTON (ABC7) —
This year, shoppers have even more to worry about. And it’s not just the risk of shopping online, but some gifts that connect to the internet could jeopardize people’s privacy.
Tara Palacios, a Northwest D.C. resident, admits she does a lot of online shopping and will take a chance on questionable websites, but does she worry about her personal information and credit card data getting to hackers?
“No, because I think it’s already out there,” she said.
Heinan Landa, CEO of Optimal Networks, says beware.
“You can’t get major, massive deals, so use common sense. If it’s too good to be true, it is," he said.
What about after the gifts are opened? Some that connect to the internet have the potential to be hacked.
Landa points to the popular Furby Connect by Hasbro.
“It turns out that the protocol used to go between the Furby and the phone is completely not secure, and someone could be hanging out your child’s window with another phone and a laptop and hack into it and make this Furby do whatever they want it to do,” he said.
All kinds of gifts can be at risk, even vacuums.
“The most recent security flaw was found in the LG Hom-bot,” Heinan says, “They could hack into it and see all the cameras, literally scope out your house.”
We reached out to Hasbro and LG Electronics. Both sent us statements (See full statements below). Hasbro insists its toy meets government privacy requirements. LG Electronics says it’s already implemented software updates and that none of its customers were affected.
When devices are listening in, watching, or simply communicating online, Landa says you have to decide whether it’s a risk you’re willing to take.
He recommends doing your research by Googling the name of the device, plus the word “security” and see what pops up.
“And that’s how I learned to hack to Furby!” he said.
But if you believe you, your child, and your data will stay safe, Landa says go for it.
At Hasbro, children’s privacy is a top priority, and that is why we carefully designed the FURBY CONNECT toy and the FURBY CONNECT WORLD app to comply with the U.S. Children’s Online Privacy Protection Act. In support of this, we also engaged a third party to perform security testing on the FURBY CONNECT toy and FURBY CONNECT WORLD app.
We feel confident in the way we have designed both the toy and the app to deliver a secure play experience. The FURBY CONNECT toy and FURBY CONNECT WORLD app were not designed to collect users’ name, address, online contact information (e.g., user name, email address, etc.) or to permit users to create profiles to allow Hasbro to personally identify them, and the experience does not record your voice or otherwise use your device’s microphone.
We carefully reviewed the report, and take this very seriously. While the researchers at Which? identified ways to manipulate the FURBY CONNECT toy, we believe that doing so would require close proximity to the toy, and that there are a number of very specific conditions that would all need to be satisfied in order to achieve the result described by the researchers at Which?, including reengineering the FURBY CONNECT toy, creating new firmware, and then updating the firmware, which requires being within Bluetooth range while the FURBY CONNECT toy is in a “woke” state. A tremendous amount of engineering would be required to reverse engineer the product as well as to create new firmware.
LG ELECTRONICS STATEMENT:
Earlier this year, LG Electronics teamed up with Check Point Software Technologies – a respected expert in IT security – to detect security issues in our smart ecosystem. When Check Point reported that they had detected a vulnerability in the SmartThinQ App, LG immediately took action to solve this issue, and since September 29, the app has been running on the newly updated 1.9.20 version without any issues.
The security breach discovered by Check Point was found in a research environment; there have been no actual cases recorded where consumers were exposed to a security breach. LG worked with Check Point to help assure that consumers were not affected, and we were able to solve the issue through swift software updates.
Strengthening our software security system is a top priority at LG and partnering with cyber-security solution experts such as Check Point is part of our strategy going forward.