Imagine these scenes.
A smart elevator climbing to an upper floor suddenly shakes violently, and pressing the alarm button does nothing to bring it back under control; a new project is a trade secret known to only a few people, yet every smart device in the conference room is a competitor's accomplice; you want to relax, while at the other end of the smart speaker a mysterious man on the other side of the ocean is eavesdropping on your life...
These are the possible consequences of hackers breaking through the door of intelligent buildings.
On April 12th, at HITB (Hack in the Box) in Amsterdam, the Netherlands, the Blade team from Tencent Security Platforms demonstrated how they broke into intelligent buildings. HITB is one of the most influential information security conferences in Europe and one of the world's top security technology exchange conferences. It is known for its strict topic selection: after a process of submission and selection, only the strongest white-hat hackers take the stage and exchange ideas with security experts from around the world.
The Blade team's discussion of the intelligent building attack and defense issues has attracted a lot of attention.
(Tencent Blade Security Team)
Smart home: hidden dangers around
With the rapid development of the Internet of Things, our daily life has become surrounded by smart home devices, and hotels, office buildings, shopping malls and other places are gradually embracing intelligent building technology. For us, turning on air conditioners and turning off speakers through mobile apps is no longer unfamiliar. But for hackers, this highly automated, connected life is full of "back doors."
If the various devices in a smart home are staff members who work with one another, then the communication protocol is their work charter. Only by following the protocol do these devices really become "smart", and otherwise unrelated devices gain the ability to exchange information and work together. This time, the Blade team showed how to break the most widely used "work charter" in the smart home field: ZigBee.
To date, the number of devices using the ZigBee protocol has exceeded one billion worldwide. Based on tests of a large number of devices, the Blade team attacked security vulnerabilities in the old protocols using common attack methods. It presented the results of security tests on devices from several major international manufacturers and demonstrated how, with the help of a drone flown up to the 36th floor, it "hacked" into a remotely controlled lighting system and put on a late-night "light show."
As members of the Blade team said at the conference, we must be soberly aware that a smart home network built on the Internet of Things, precisely because of the word "home", involves a great deal of confidential personal information. Controlling lighting is only an "appetizer". In more serious cases, such attacks can also lead to eavesdropping on conversations, blackmail and extortion, and even murder, posing a huge threat to a family's privacy, personal safety and property.
Commercial buildings: convenience and risk coexist
The Blade team's research did not stop there. They next turned to a broader IoT application scenario: commercial buildings. Because these environments are more complex, the KNX protocol is more widely used in commercial buildings, and attacking it is more difficult.
Unlike traditional Wi-Fi network intrusions, the new attack method the Blade team discovered works against most KNX protocols. Using their own testing tools, they could break through the network's defenses without affecting the normal use of the existing network equipment. The Blade team also tested it in the field at a luxury hotel that uses the KNX protocol, validating that this approach can attack lighting, air conditioning, curtains and other equipment in every room of the hotel.
But KNX is used far more widely than that. In addition to luxury hotels, it is often used in large public places, such as stadiums, factories, airports and even nuclear power plants, to provide intelligent services.
The development of science and technology has always been a double-edged sword. While enjoying the convenience it brings, we must also be alert to possible risks.
When hotel rooms are taken over, the impact is mostly limited to personal privacy and property security. However, if security vulnerabilities in large public places such as stadiums, airports, and nuclear power plants are exploited by hackers, the result may be huge economic, social, and even political impacts, with unimaginable consequences.
Attack and defense: raising the security level
Fortunately, attack and defense are a constant back-and-forth.
It is precisely forward-looking attack research, done in preparation for danger, that strengthens people's security awareness and security measures. This is the original intention of countless white-hat hackers. At the HITB conference, the Blade team demonstrated how to attack smart homes and commercial buildings, and also introduced new security encryption mechanisms and how to deploy secure ZigBee and KNX networks.
Although the wave of the Internet of Things has swept through all aspects of our work and life, security research on smart homes and commercial buildings is far from keeping pace with the speed and scale of their development. Previously, few talks at security conferences dealt with smart building security, and actual attack demonstrations were very rare. "We have made public our systematic security attack and defense research on these two most widely used communication protocols. We also hope that more colleagues can work with us to improve the security level of smart homes and buildings. After all, these are what we stay inside every day," said a Blade team member.
Previously, the Blade team had presented at several top Internet security summits such as CanSecWest, and had successfully discovered serious security risks in Google's artificial intelligence learning system TensorFlow. This was the first security risk discovered in TensorFlow, and the Blade team was credited by Google.
Editor in charge: Wang Huixia