The sweeping robot becomes a privacy-leaking device in minutes: half of IoT devices are “streaking”

OFweek Robot Internet News: “The exposure of smart cameras has led to the leakage of a large number of users’ privacy.” A media report yesterday revealed the tip of the iceberg of security vulnerabilities in IoT smart devices.

Smart lamps, smart sockets, smart watches, pet and baby monitors… When you buy these smart appliances, you may not think that data from a smart light bulb may give thieves the timing to commit crimes, that smart cameras may be broadcasting scenes from your life live, and that smart refrigerators can also serve as senders of spam.

In the era of “big data”, users’ online behavior data are often acquired without their knowledge. Experts warn that at least half of the IoT devices currently on the market are in a “streaking” state, with security vulnerabilities that are easily attacked.

Your child may be monitored in real time

As the summer vacation approaches, smart home appliances for children are selling well in the Shanghai market. Yesterday, the reporter visited an electronics market in the urban area and found that nearly half of the counters put children’s smart watches in the most conspicuous place. The merchants’ advertising goes straight for parents’ “pain point”: “Children’s smart watch, the bodyguard on the child’s hand”; “Worried about losing your child? Then give him a smart watch”.

“Children’s smart watches sell the most, followed by smart learning machines and smart robots.” A merchant told reporters that sales in recent weeks were more than double the usual level.

The price of children’s smartwatches varies, ranging from one to two hundred yuan to nearly one thousand yuan, and most of them have the same functions: providing parents with children’s location information, supporting two-way phone calls, voice group chats, and some can receive text messages.

The reporter randomly interviewed a number of customers who bought children’s smart watches, and they all believed that the watches were “very practical”. A mother said: “Nearly every primary school student has one now. Parents can talk to their children at any time, and they can also see the route their children walk. Parents know where they go.” To her dissatisfaction, the latest watches have all been upgraded to 4G, adding unnecessary game features. As for the security risks, most said they had not thought about them.

Recently, “Black Cloud”, the largest public security testing platform in China, released a report on children’s smart watches: 13 of the top 32 children’s smart watches sold on Taobao have interface override vulnerabilities, which can allow hackers to monitor more than a million children in real time and obtain their daily walking trajectories, real-time ambient sound, etc. The “white hat” of “Dark Cloud” also demonstrated on-site that as long as the parent’s mobile phone number is obtained, or the system platform is accessed, the child’s watch associated with the mobile phone number can be cracked, so as to obtain real-time positioning and all walking routes.

What is even more surprising is that many smart watches now have functions such as calling, monitoring, and recording. Through these vulnerabilities, criminals can hear the child’s voice at any time and learn about the environment the child is in. If the watch is left at home, the parents’ conversations can be recorded at any time, which puts both children and parents at greater risk of privacy leakage.

China’s children’s smart watch market is developing rapidly. According to statistics, in the first quarter of 2017, the shipment of China’s children’s smart watch market reached 3.51 million units, a year-on-year increase of 64.9%. As the watch is upgraded from 2G to 4G, there are more and more functions, and the risks are also multiplied.

The first guardian of children’s safety is not electronic products, but parents. Parents’ responsibility for guardianship cannot be replaced by any electronic product. In addition, it is also very necessary for children to learn some basic safety knowledge and develop an awareness of self-protection.

“Cloud storage” has long ceased to be a new thing. With the development of the Internet of Things, more and more smart home appliances can also be connected to mobile phones to store information in the “cloud”. Tap “Upload” and “Save”, and large files that originally needed to be stored on physical media can be saved to the network “cloud” in just a few steps. But concern over the leakage of personal privacy data has followed.

In an era where data capacity is often measured in terabytes, can the network “cloud” really effectively protect personal information from being leaked?

Yesterday, the reporter registered on multiple cloud platforms, and most operators promised in the “User Agreement” that they “will not disclose or provide third parties with the non-public content stored by users on cloud services.” The implied caveat is “unless the following circumstances exist”. Most of these disclaimers are buried in a User Agreement thousands of words long, where they are easy to overlook.

Most of the “following circumstances” include: the operator assumes no liability for direct or indirect compensation for tangible or intangible losses caused by unauthorized use or modification of user information. There are also some seemingly overbearing clauses in the Service Agreement, such as: “(The operator) has the right to take all measures it deems necessary without prior notice to the user.”

Is the invisible “cloud disk” really safe? In fact, cloud disk platforms have always been a key target of hacker attacks. “Some cloud disks are attacked by hackers every 30 seconds on average,” an industry insider told reporters.

Internet security expert Tong Liqiang advised choosing a network product service provider with high reliability and, before using new technologies and new products, reading the Product User Agreement and understanding your rights and obligations. Information involving important personal matters and private property should not be uploaded to the cloud lightly. When discovering illegal or criminal acts, you should report them to the Internet and public security departments in a timely manner, and keep the relevant evidence.

In the past six months, incidents involving the leakage of personal information from cloud disks have emerged one after another. Li Junhui, a special researcher at the Intellectual Property Research Center of China University of Political Science and Law, believes that the current regulations on the Internet field still need to be improved, and that cloud data storage needs clear lines of responsibility among individuals, operators and regulators.

In May, the ransomware virus broke out, affecting more than 200,000 people in more than 150 countries in just 2 days. Colleges, railway stations, self-service terminals, postal services, gas stations, hospitals, government service terminals and other fields were hit. Many people are still in shock: “Is it possible that smart home appliances can also be infected by viruses?”

“The current IoT devices are basically ‘streaking’,” said Lu Yizhou, the founding partner of Yongzhou Venture Capital, who focuses on IoT security investment, in a startling remark.

He gave an example: in order to measure the noise of an air conditioner and improve the product, a manufacturer installed sound-collecting equipment in the air conditioner. These devices can report back the decibel levels of many air conditioners. But external security experts quickly discovered that such a device can be turned into a “bugging device” with only a little trick.

Xiao Xinguang, an Internet security expert, gave an example: many people have now bought a sweeping robot for their home. This robot has microphones, cameras and other devices, and also needs to be connected to the Internet, which makes it equivalent to a potential monitoring device. Once it is attacked, family privacy has nowhere to hide.

At the 2016 Network Security Conference, a decoding security team attacked a smart socket and used it to post to Weibo. After connecting to the control network of the smart home, they exploited a vulnerability to attack the smart socket and obtain the authentication information on the app side, so as to remotely control the smart socket, and then used vulnerabilities in the protocol to send Weibo posts through the smart socket.


Published on 09/09/2022