Most hackable devices

Consumer devices vulnerable

There are now more than 3 billion connected devices in use by consumers, according to Gartner, and this number will increase to 4 billion next year.

A big chunk of that increase will come as a result of the holiday season, when 65 percent of Americans say they plan to buy consumer electronics gifts, according to an October report by the Consumer Electronics Association. The amount of spending on tech will reach $34.2 billion, making this the biggest tech shopping season on record, according to Shawn DuBravac, CEA’s chief economist and senior director of research.

Many of these gifts are likely to be connected devices, including smart TVs, tablets, smartphones, notebooks and laptops, and video game consoles. In addition, a third of all consumers -- 33 percent -- plan to buy an emerging technology product this year such as smart home devices, wearable fitness trackers, smart watches, and drones.

Unfortunately, many of these devices will make homes more vulnerable to hackers.

Tablets

As with smartphones, the security of tablets depends largely on their operating system.

Although 97 percent of all malware targets Android, iOS devices are occasionally compromised, according to the mobile security threat report from Pulse Secure.

The iOS ecosystem offers a couple of major security advantages over Android, including tighter control of the apps allowed in the app store, and Apple's ability to quickly push out security-related upgrades to all users. Android security updates, however, typically have to go through individual manufacturers, which can involve significant delays.

But tablets also carry a level of risk.

"Tablets are used much in the way laptops are used and often contain work related documentation with sensitive information," said Bruce Snell, director of security and privacy at Intel Security. "But, unlike laptops, tablets are not treated with the same level of security, especially in BYOD environments."

Smartphones

According to the Pew Research Center, 68 percent of U.S. adults now have a smartphone, and mobile shopping is expected to account for 30 percent of all online sales this year, according to Internet Retailer.

More than half of smartphone users use mobile banking, and 1.4 billion people use mobile devices to log in to Facebook each month.

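"With new models of smartphones and tablets produced multiple times throughout the year, these devices make ideal gifts for friends and family who want the latest phone to support their on-the-go lives," said Snell.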

But many users don't realize what a treasure these devices can be to potential criminals.

It's not just social media accounts, e-commerce logins and banking credentials that are exposed to hackers who are able to steal or remotely break into a smartphone. There are also emails, private photos and videos, work and personal contacts, login credentials for home and office networks, and saved location data.

Plus, attackers may also be able to activate a smartphone's microphone remotely and listen in to corporate meetings, or track the device owner's location.

According to Snell, a major factor affecting smartphone security is, as with tablets, the operating system.

"The primary difference is between iOS and Android," he said.

User behavior is also a significant factor, studies show.

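According to research released earlier this year by Kaspersky Lab and B2B International, 30 percent of Android phone owners do not protect their smartphones with a password, and 44 percent of Android phone owners have not installed an anti-malware solution.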

The recent growth in Bluetooth-enabled accessories makes smartphones more vulnerable, said Snell.

"Some devices use default Bluetooth pairing passcodes, like 0000 or 1234, allowing cybercriminals to pair with and gain access to the device," he said.

And it doesn't stop there, he added.

"The biggest issue with Bluetooth connectivity is that it’s authenticated once," he said. "After pairing once, the device is considered trusted. This leaves the door open for impersonation or man in the middle attacks against the host device and the connected accessory."

Drones

The market for drones is still in its infancy, but as these devices get more popular they will increasingly become targets for hackers, said Intel Security's Snell. Attackers can use vulnerabilities to steal the drone itself, or, if it's used for deliveries, steal its cargo.

"The ability for remote hackers to connect to Wi-Fi drones is real," said Snell.

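For example, this summer at the Def Con security conference, researchers from security firm Planet Zuda demonstrated how to hijack a Parrot drone, a popular drone brand.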

Camera-enabled devices

This year has seen a spate of reports about hacked baby monitors, nannycams, and similar devices. Any connected device with a camera is potentially vulnerable, said Intel Security's Snell.

"There are numerous websites cataloging unprotected cameras displaying private video," he added.

Earlier this fall, for example, security firm Rapid7 reviewed popular baby monitors from six manufacturers and found that all had significant security problems such as lack of encryption for communications or stored data, and warned that this could just be the tip of the iceberg.

Attackers could use these devices to invade personal privacy, steal recorded videos, track when people were home, or use the devices to get access to the local network.

"It is important to stress that most of the vulnerabilities and exposures discussed in this paper are trivial to exploit by a reasonably competent attacker," researchers said.

The report received significant media attention, and most of the device manufacturers involved rushed to address the problems.

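"The issues identified in the report with the baby monitors were resolved within 48 hours for the Summer Infant models," said a Summer Infant spokesperson.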

TRENDnet found that attackers would not only need physical access to the camera but would also have to rewire the circuit board to exploit the vulnerability. The company nevertheless patched the vulnerability; the firmware upgrade is available, and all users have been notified either through the email addresses they registered their products with or through the website the next time they log in to view their video.

The Philips product involved, the In.Sight Wireless HD Baby Monitor, is a discontinued product that had been produced by another company, Gibson Innovations, under the Philips brand name. The two companies worked together and fixed the problem in September, shortly after the Rapid7 report came out. The companies updated the affected cloud services, updated the firmware, and updated both the Android and iOS apps.

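Elnaz Sarraf, VP at iBaby Labs, said the company has taken a number of steps to address the security issues raised by Rapid7, including securing communications between the monitor, the app, and the associated cloud services.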

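According to a Gynoii spokesperson, the company has upgraded its products with new firmware, and existing customers will be able to download the new firmware within the coming week.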

As of deadline, Lens Laboratories has not responded to our request for comment.

Children's gadgets

According to Snell, devices that connect children to the Internet can allow criminals to target both the child and the family. For example, many children use their parents' email addresses and devices to access the apps that control their gadgets.

"If the child's mobile app is infected, it gives a hacker direct access to the parents’ data," said Snell. "This can result in malware being installed and spearphishing."

One such toy is the Star Wars tie-in, the BB-8 Droid by Sphero, which can be remote controlled with a smartphone app.

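"The weak link is not just the communication protocol between the phone and the BB-8; there is also the risk of the toy's firmware being modified," said Chris Rouland, founder and CTO of Internet of Things security firm Bastille Networks.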

Another hot toy this season is the Hello Barbie doll from Mattel, he said.

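"According to the doll's FAQ, the Internet connection provides a link to ToyTalk's cloud, where thousands and thousands of lines of dialogue are stored," he said. "Of course, the vendor's policy states that it takes great care with recorded conversations."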

Smartwatches

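Earlier this year, HP tested 10 of the most popular smartwatches and found significant security problems with them. Half, for example, had no passcode or other locking mechanism, so anyone who picked up the watch could get into it.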

Many had problems with distribution of security upgrades, with authentication, or with encryption. The apps associated with the devices also had security issues, posing risks to personal privacy. And if hackers are able to access a smartwatch, they could potentially also gain access to the mobile device or network it's connected to.

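In addition, according to Daniel Miessler, head of security research at HP, the market is so new that it is hard for consumers to learn about the security problems of specific devices.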

For example, HP itself did not release the brand names of the watches that were tested.

Fitness trackers

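According to Intel Security's Snell, hackers who break into a fitness tracker or its associated website could gain access to private information.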

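But, more importantly, hackers could use the device to get into the associated smartphone, tablet, or home network that the fitness tracker connects to, said Intel Security's Snell.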

"It’s a gateway device," he said.

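And, in fact, in October a security researcher from security firm Fortinet demonstrated that the popular Fitbit fitness trackers can be attacked through their Bluetooth connection.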

But Biskup, head of security at Fitbit, said that while an attacker could send data to a Fitbit and see that data echoed back, there was no security vulnerability involved, and that it was impossible to send this data on to a connected computer or use the software bug to spread malware.

"There is no vulnerability with this software bug," he said. "It is not possible to make our client do anything with this data. We spent a lot of time looking at this."

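Fortinet, however, is not backing down from its claim that Fitbit has a vulnerability that allows an attacker to "infect Fitbit devices with arbitrary code that can be sent to the computer the device is connected to via the Bluetooth connection."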

"We stand behind the statement," said Sandra Wheatley Smerdon, the company's VP for global corporate communications. "I’m not aware if Fitbit has since fixed the vulnerability and we have not updated our research."

Copyright © 2015 Raybet2