Experts urge security checks on new Christmas gadgets
Security specialists are warning that a wave of new connected gadgets unwrapped over the Christmas period could widen the attack surface for cyber criminals if consumers leave default settings untouched and ignore basic digital hygiene.
From smartwatches and fitness trackers to smart speakers and internet-connected home devices, many products now collect detailed information about users' movements, habits and homes. Security experts say that volume of personal data makes them attractive targets for attackers and a potential source of unintended data exposure.
Chris Harris, EMEA Technical Director at Thales, said consumers often underestimate the sensitivity of information generated by everyday devices.
"Whether you've unwrapped a new smartwatch on Christmas morning or treated yourself to the latest sleep or fitness tech in the sales, it's easy to forget that these devices do far more than count steps. Every notification, sensor reading and location ping feeds into your wider daily data trail, one that can reveal much more about you than you might expect, from your routines and movements to insights about your health and habits.
Most of this data collection happens quietly in the background, and while premium brands often build in strong protections, not every device on the market takes security seriously. That's why it's so important to take a few simple steps to secure your new tech. With the right precautions, you can enjoy the convenience of smart gadgets without giving away unnecessary personal information, starting the new year with stronger control of your digital identity."
The guidance comes as analysts forecast continued growth in the market for wearables and smart home products. The installed base of connected consumer devices has expanded over recent years, increasing the amount of personal and behavioural data held in cloud services and device ecosystems.
Security professionals say the risks range from account takeovers and identity theft to detailed profiling of household routines. They point to high levels of reuse of weak passwords, limited awareness of default privacy settings, and patchy adoption of software updates.
Device choices
Harris advised consumers to assess products on security grounds before they buy them. He pointed to the way manufacturers describe their approach to data protection.
The recommendations state that buyers should look for brands that clearly explain their security features and encryption. They should also look for information about regular software updates and secure onboarding processes during set-up. A lack of any reference to security is described as a warning sign.
Security specialists have highlighted growing regulatory pressure on manufacturers in regions such as the UK and EU. New rules seek clearer disclosure of software support periods and more consistent use of secure default settings across consumer devices.
Data exposure
The advice also focuses on limiting unnecessary collection of data. Many devices request continuous location tracking, background syncing, or detailed health metrics as standard.
Harris suggests users turn off data collection features they do not need in everyday use. The guidance notes that the less data is collected, the less data can be exposed in the event of a breach or device loss.
Network configuration is another focus. Users with compatible routers are encouraged to set up a separate guest or internet-of-things network for wearables and smart home devices. Security experts say this can reduce the risk that a compromised device gives attackers a route into laptops or work systems on the main home network.
App permissions
A key recommendation is that users review app permissions as soon as they install companion software on smartphones. Many apps request access to microphones, contacts or cameras as part of default settings.
The guidance recommends stripping these permissions back to essentials. It also urges users to wipe personal data from any older devices that they plan to sell or pass on, in order to prevent data remnants from being recovered later.
Harris warns against approving requests for access without scrutiny. "DON'T tap 'Allow' on every pop-up without thinking: Apps often request more access than they truly need, increasing your risk if they're ever breached," said Harris.
Updates and passwords
Security researchers have repeatedly highlighted slow adoption of software and firmware updates as a major issue in consumer technology. New devices sometimes ship with firmware that predates the latest patches.
The guidance urges users to install updates as soon as they unbox devices. It notes that updating straight away can close recently discovered security flaws.
The advice also warns against delaying patches. It states that attackers frequently target known vulnerabilities that manufacturers have already fixed but that remain exploitable if users do not install the update.
Account security forms another part of the recommendations. Users are encouraged to use strong, unique passwords for cloud services that store wearable data. They are also advised to enable multi-factor authentication on relevant accounts, as these repositories of fitness and location information are considered attractive to criminals.
Social sharing
Alongside technical settings, Harris highlights the risk of over-sharing through social media posts. Screenshots of fitness apps or home dashboards can reveal regular routines, locations and travel patterns.
The guidance advises against posting images that show detailed daily routes or that identify home and work addresses. It notes that some apps offer privacy zones that hide the start and finish points of activities, but also states that users should avoid posting if they remain unsure.
With more connected products entering homes, security experts expect sustained scrutiny of how consumer data is gathered, stored and shared. Harris said basic precautions by end users can reduce exposure while manufacturers adjust to tightening regulation and rising customer expectations on privacy.