ESET: The easily forgotten security of IoT devices. Are your smart appliances safe?

This article is a re-edited version of "Security of IoT devices that is easily overlooked behind convenience", published by the Malware Intelligence Agency, which is provided by Canon Marketing Japan.

IoT devices are among the tools that make our lives more convenient. However, privacy and security should not be forgotten when using them. This article examines the security of IoT devices.

This article is a translation of an article from WeLiveSecurity, a malware and security information site run by ESET.

We are always connected to the world. With a smart doorbell, you can use your smartphone to see who is at the door. You can track your child's location through a smartwatch, or simply use a fitness tracker for health management. With the IoT (Internet of Things) revolution, smart household appliances such as smart kettles, smart washing machines and smart refrigerators have become common in our homes.

It should be noted that IoT appliances make life very convenient, but they do not necessarily make it more secure. Although it is convenient to operate almost all household appliances from a phone, do the products you buy properly ensure security? Let's look at a few IoT devices that may invade your privacy.

Children's smartwatch

For parents, the safety of their children comes first. As digitalization advances, some parents want to use smartwatches with a tracking function to confirm where their children are. They can check a child's current location when the child goes out to play, or contact the child if necessary. However, not every product is a good one. If you want to buy a smartwatch from an unknown supplier, you need to investigate it thoroughly beforehand.

The vendor's server may have a major security flaw. In that case, the watch not only fails to protect the child but may also expose the child to danger. At one smartwatch manufacturer, weak server security allowed unauthorized access to the personal information (location, phone number, photos, conversations) of more than 5000 children. This is by no means a special case. There were earlier concerns about privacy violations by smartwatches for children, and in fact there were recalls ordered by the European Commission.

Intelligent doorbell

If you combine a smart doorbell with a smart lock, you can identify visitors and lock or unlock the door without getting up from the bed or sofa, simply by checking your smartphone. In addition to the convenience, a doorbell that records what happens at the doorway also adds to safety. Even if it is a little expensive, it is worth using.

Wanting to protect your family is only natural, but you should investigate carefully in advance when buying a smart doorbell. One survey reports unnatural behavior by smart doorbells. The smart doorbell uploads a snapshot to a server whenever someone moves at the door. Given what a smart doorbell does, many people consider this behavior natural. Strangely, though, no way was provided for the user to access the uploaded snapshots or to learn where they are stored. As a precaution, check the doorbell thoroughly before you buy.

Cheap intelligent security camera

Let's keep talking about security. Smart security cameras are also popular IoT devices. More and more individuals and small and medium-sized enterprises are buying them to keep an eye on what is happening inside and outside the home or office. IoT devices are connected through the Internet, so protecting their connections and data is critical. If an attacker compromises your device and gains remote access to it, they can attack you directly. This is the worst-case scenario, but it can happen.

Unfortunately, cheap IP cameras used to protect homes and property are the devices most easily targeted by attackers. They share the same vulnerabilities because they are all made through the same process. Vulnerabilities aside, the products themselves can also have defects. In cameras made by Xiaomi, there have been incidents in the past in which images from other people's cameras were displayed because of a hidden bug.

Smart home center

Smart home hubs are the center of interconnected home devices. A hub can be described as the control center that manages the whole system. It centrally manages all of your IoT devices (security cameras, smart doorbells, lighting and other smart devices) and lets you control them from anywhere. With a smart hub, you can monitor and control not only a smart home but also a business environment.

You can probably already see what kind of problems this can cause. If an attacker discovers and abuses a vulnerability, it gives them access to all the devices and confidential data under the system. ESET IoT Research states that serious vulnerabilities have been found in three hubs. Vulnerabilities that further weaken the system were also identified.

Summary

When purchasing IoT equipment to make life convenient and comfortable, please pay attention to the following points:

- Be sure to investigate carefully before purchasing IoT equipment. Gather information about the product, read user reviews and confirm its reliability. Search Google for "security vulnerability" combined with the brand name and model name to determine whether any problem has been resolved or whether the product is unaffected.

- If it is unclear how data is protected or where it is uploaded, buying equipment from an unknown vendor is not recommended. If you decide on price alone, outcomes such as data theft may end up costing you more.

- Always update the firmware to the latest version after purchasing the device. Patches are meant to improve the security of the equipment and should be installed as soon as possible after release. If installation is neglected, an attacker may abuse a vulnerability and gain access to the device.

[References and sources] These things may be cool, but are they safe? By Amer Owaida, 20 May 2020, 11:30 AM. https://www.welivesecurity.com/2020/05/20/these-things-may-be-cool-but-are-they-safe/