It’s become a tradition here for many folks to do some technology shopping on Black Friday and Cyber Monday. The savvy shopper can often find great deals on otherwise expensive items, and if they are willing to brave the insanity of brick-and-mortar shopping on Black Friday, can sometimes get an amazing deal on the year’s hottest technology. Tablets are up at the top of everyone’s gift list, and cheap Android-based tablets are popping up everywhere, including a batch of sub-$100 tablets made by lesser-known (or unknown!) manufacturers that are flying off the shelves of discount retailers like Walmart and Walgreen’s. Unfortunately, these cheap tablets are shipping with a variety of security flaws that could pose a serious threat to you or your business.
What this means for you:
A detailed analysis performed by Bluebox Security walks through the flaws of 12 sub-$100 tablets, but I’ll simplify: if you’ve bought one of the tablets on their list, you should absolutely not access any of your important email, banking or business-service accounts with this device. The age-old rule of thumb applies here: you get what you pay for, and paying less than $50 for a tablet gets you a very unsecure device that should only be used for the most casual entertainment purposes. It is also highly unlikely that these devices can be made secure, as many of the flaws come from older versions of the Android operating system. Due to the limitations of the low-cost hardware use to build these tablets, upgrading the OS is highly unlikely without some serious hacking, and should only be attempted by a trained professional. At that point, you should really question whether the overall cost was really worth the initial savings. Long story short: these sub-$50 tablets should only be used as toys and never for serious business or personal use.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
The new tradition of Black Friday (and Cyber Monday) shopping online has not only caught on with bargain hunters hoping to avoid crowds and early-morning lineups, it has also caught the eye of the digital criminal element as well, who will be counting on naive (and not so naive) shoppers clicking on links to dodgy sites that instead of delivering amazing deals, will end up costing unwary shoppers hunters more than they bargained for.
It is believed that various cybercriminals will attempt to lure victims into clicking links promising deals too good to pass up, either delivered via email, or posted on the various bargain/coupon code websites that are scattered across the internet. Once you click a link to a site that is handing out malware instead of savings, your machine is likely to get infected with one of the hundreds of variants of malware, all with the express intent of, wreaking havoc on your holiday weekend (and beyond), extoring money out of you via ransomware demands, or worse still, lying dormant and undetected on your computer until you start typing in sensitive information, like the password to your banking website and email account. Once that happens, you are only clicks away from identity theft and probable financial damage.
What this means for you:
Common sense and caution are your best defenses, but you should also observe the following:
- Have updated and working antivirus software from a well-known manufacturer.
- Only click links to websites that you recognize – make sure the link you are clicking isn’t being spoofed.
- Can’t confirm a website, or not familiar with the source? Google the domain name – the real domain name, to see if virus/hoax reports have been associated with that domain.
- If the deal sounds too good to be true – it probably is. Call the store to confirm the deal if in doubt. Talk to a human.
- Still can’t confirm? Proceed with extreme caution at your own risk. Is the deal really worth the risk of your security being compromised?
Image courtesy of “digitalart” / FreeDigitalPhotos.net