Smart homes must guard against "uninvited guests"? Safety plagues the industry's long-term development

On December 5th, the 4th World Internet Conference released the annual achievement document “Wuzhen Outlook”, pointing out that emerging issues such as next-generation Internet development, artificial intelligence application, and digital economic transformation have become new hotspots for governance.

More than 100 smart cameras, more than 300 yuan of smart rice cookers, more than 1,000 yuan of sweeping robots, not expensive and convenient experience, let more and more people start to taste early, enjoy the convenience of smart life.

However, with the integration of smart devices represented by smart homes into daily life, security alerts such as personal privacy leaks and threats to life and property are frequently heard, causing consumers to suffer losses and plaguing the long-term development of the industry.

Smart home hidden risk

80% sampling camera saves security risks

Fingers tap, "嘀", the smart door lock has been opened; smart air conditioner makes the room temperature suitable; sweeping robot cleans the house clean and new; smart rice cooker and smart oven, a big meal is steaming ready Pots; smart TVs and smart speakers are only waiting for "issuing orders", they will be presented with wonderful programs... The scenes that have appeared in science fiction movies are becoming more and more accessible to people.

With the large-scale application of 5G communication technology and the Internet of Things, the Internet of Everything is about to become a reality. Market institutions expect that there will be 50 billion IoT devices worldwide by 2020; the overall scale of global smart homes will grow from the current 10 billion US dollars to 50 billion US dollars, and China will become Asia's largest smart home market by 2020. .

Although smart home devices can bring a convenient and comfortable living experience, the security risks behind them cannot be ignored.

In June, the Product Quality Supervision Department of the General Administration of Quality Supervision, Inspection and Quarantine (AQSIQ) collected 40 batches of samples from 38 brands for monitoring the information security hazards that may exist in smart cameras. The results show that 80% of the batches have safety concerns. Some sample back-end information systems have an unauthorized vulnerability. You can view the video of any user's camera in the same platform. Some samples allow you to view or download the user registration information and monitoring video stored in the back-end information system.

In September, during the 2017 China Internet Security Conference, the Decoding Security team demonstrated how to implement remote control for specific smart home devices: smart lights are switched freely in the room, the angle of the smart camera is no longer controlled by the owner, and the smart door lock password is also Can be obtained remotely.

The 2016 China Internet Network Security Report released by the National Computer Network Emergency Center shows that in recent years, with the rapid development and popularization of terminal devices and network devices such as smart wearable devices, smart homes and smart routers, The proportion of cyber attack events on devices is on the rise.

Black industry surfaced

Smart devices become "thief" and "spy"

"You can see at all times, and you don't have to worry about it. You can see it if you want to see it."

On an e-commerce platform, a smart camera with a monthly sales of nearly 10,000 units uses this sentence as a slogan. It is the original intention of many people to buy smart cameras by paying attention to the dynamics of the elderly, children and pets at home anytime, anywhere, or by remotely watching, watching, and watching cars.

At the beginning of August, Ms. Huang of Chongqing observed a pet dog and installed a smart camera in the living room. It was convenient to see the real-time picture of the living room through the mobile phone. One day, Ms. Huang suddenly found her camera moving, immediately opened the computer to view the background, found that in addition to her own account, there is a strange user monitoring the information of this camera.

According to previous media reports, only paying 188 yuan, you can get the software that can play the content of the home camera, enter the corresponding IP address, login name and password, you can successfully log in to the camera, remotely view the real-time monitoring screen, and even zoom in on the screen. Zoom out. In some QQ groups, the cracked IP address will even be used as a popular gift by the group owner, and will be distributed to the group members free of charge.

In July, Beijing police cracked the first case of online video transmission of family camera cracking software, knocked out a criminal chain and arrested 24 people involved. The party involved in the case and Zhao illegally purchased the camera cracking software, cracked the IP of the webcam, and watched the contents of the camera saved or sold.

For the invaded camera information, the hacker does not accept the receipt. In July, Zhejiang Lishui police seized nearly 10,000 IP addresses of cracked invading family cameras, involving Yunnan, Jiangxi, and Zhejiang. According to the suspect Wang’s confession, if the surveillance screen of the camera is facing the living room, do not; if it is in a private place such as a bedroom or a bathroom, the price is 10 yuan; if it is a “boutique”, it can be sold. 20 yuan a, can also be sold in the cloud disk.

"From a legal point of view, smart home devices have been cracked, resulting in users' information being shared and sold, mainly infringing on the privacy rights of users. "General Principles of Civil Law", "Criminal Law Amendment (IX)", Tort Liability Law, "Network Security Law" ", etc., have made specific provisions on the protection of citizens' privacy and personal information." Zhu Xi, deputy director of the Center for Communication Law Studies, China University of Political Science and Law.

In addition to acting as a "spy" to spy on privacy, a maliciously controlled smart home may also become a "thief" or even a "robber" at home. Han Weili, deputy dean of the School of Software, Fudan University, said that the security problems in smart homes are all-round: in addition to the disclosure of personal information, it may also result in loss of family property due to loss of function or dysfunction of smart home devices; Maliciously controlled smart home devices for personal attacks and cyber attacks.

For example, a maliciously controlled smart toy may induce children to make dangerous actions such as opening the door and climbing out of the balcony. The cracked smart door lock and smart safe have become thieves "inside", stealing family property such as sacs; smart oven The temperature can be arbitrarily increased, eventually causing a fire; smart homes may also be controlled to form large-scale "botnets" that attack network servers, causing a large embarrassment of Internet services.

Safety fence to be repaired

Increase investment in technology against technology

On November 22nd, the China National Light Industry Council and the China Household Electrical Appliances Research Institute jointly announced the launch of the smart home group standard development work. The industry believes that smart home products can not be heavy-duty, light and safe, should introduce the safety regulations of smart home products as soon as possible, and explore the establishment of a credit mechanism for corporate privacy protection.

"To solve the security problem of the Internet of Things smart home application, we must first increase investment in system security technology and use technology to counter technology." Han Weili said, "Analyzing the possible security problems of smart homes and clarifying their essence is a very complicated one. Serious scientific issues require researchers to combine the technology itself and the application reality, and invest a lot of manpower and resources to carry out extensive and in-depth work. This aspect is often despised by industry professionals in the field of smart homes and the Internet of Things."

Zhang Yanlu, director of research and development of the Xiaomi IoT platform, admits that there are many types of smart home equipment, and the use scene is complex, with certain technical thresholds. The safety design of the product needs to be comprehensive. The enterprise not only needs sufficient technical strength, but also needs experience accumulation and cost. At present, the products on the “product” platform adopt the built-in unique key, and customize the independent security chip hardware for sensitive devices such as smart locks. These technologies are also open to the public.

The National Computer Network Emergency Center recommends that smart device manufacturers should do a good job in the safety of the entire life cycle of the equipment, and develop a comprehensive network security emergency response plan; when the device is found to be vulnerable or implanted into a malicious program, it can provide an online upgrade function. Or notify the user to fix it manually.

The problem of smart home security is a system problem that requires coordination of technology, management, and laws and regulations to ensure the healthy development of the entire industry. The "Network Security Law" enacted on June 1 and the Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues Concerning the Application of Laws in Handling Criminal Cases Involving Citizens' Personal Information have further woven the "safety net" of smart homes.

"The "Network Security Law" has both precautions and precautions. It has been stipulated in terms of system, technology, supervision, and evaluation." Zhu Xi said that users use smart homes to be infringed, and the rights are the biggest. The difficulty is finding the real infringer. "It is recommended to adjust the burden of proof. If the user has difficulty in issuing evidence, the corresponding platform and manufacturer shall bear the burden of proof."