In South Korea, after the “N Room” incident, the public was once again awakened to concerns about privacy leaks from camera devices. With the rapid development of the Internet of Things (IoT), smart cameras and smart appliances are becoming increasingly popular. However, some convenient IoT devices can also become the “all-seeing eyes” and “pleasing sights” for criminals to spy on privacy, forming a black industrial chain of networks and links.
Through thorough investigation, it was found that criminals can easily crack some smart monitoring devices and sell cracked software and identities on the Internet at will, exposing countless users’ privacy to the surveillance of others.
Some bedrooms have no secrets anymore.
Considering factors such as security measures, many users have installed cameras in different locations of their homes and companies, which can be viewed in real-time through mobile applications. These cameras are in a state of long-term activation and recording, with some owners stating that they are “too lazy to restart them and never turn them off.”
Users believe that the monitoring screens they can only watch are actually “real-time public broadcasts.”
A reporter joined a social platform group named “Cameras” and “Monitors” as a netizen. After more than 10 minutes, a group member asked if they needed to purchase a camera and immediately sent over 10 screenshots of monitoring videos, most of which were taken by home cameras. The most recent was on March 24. These images were set to be “burned after reading” and automatically destroyed after 5 seconds.
The member stated that the camera’s identity costs “ordinary 85 yuan for 10, better 175 yuan for 25,” along with operating instructions. After payment was completed, the member sent a list of 24 device names labeled “living room” and “bedroom.” Following the “tutorial” prompt, the reporter downloaded a mobile application that allowed them to log in and view online video monitoring screens.
Even more shocking, for just 320 yuan to purchase another “cracking software,” users no longer need to buy the identity of the camera separately. Using this software, the identities of 999 out of 1,000 online cameras can be quickly cracked and viewed, equivalent to “monthly payment.”
So, how do criminals crack home cameras and achieve remote control? On one hand, some camera brands use weak passwords for registered accounts, while others can connect directly to the camera device without registration, making them easy to crack. On the other hand, hackers have cracked the identities of cameras through “dragging libraries” and “attack libraries” techniques.
Once a user’s network device uses the same login account and password, it can be cracked by “library conflict” technology and become public content. For example, after illegally obtaining a large number of personal user login information from email websites, these account passwords can likely become the “keys” to crack users’ home appliances. If major social media or software are “hacked,” tens of millions or even billions of personal information will be leaked.
Cameras, door locks, cars… can all be “black.”
An Internet security professional in the IoT field admitted that compared to the IoT security devices used by enterprises, smart cameras, smart door locks, and private cars using IoT technology for personal use are more likely to be damaged due to remote interference or physical disruption. For example, when the smart temperature control device at home “loses power,” it can turn “summer” into “winter.” When a driverless vehicle is “captured,” it can easily cause traffic accidents. Recently, the Critical Infrastructure Security Emergency Center, affiliated with the National Internet Emergency Center, released a report stating that the number of malicious code attacks targeting specific vulnerabilities in IoT networks reached 67 million within half a month, with a single organization launching attacks on 100,000 IP addresses. It can be said that as long as IoT devices are exposed on the Internet, they can be attacked at any time and may be repeatedly attacked by different organizations.
In the industry’s view, weak security awareness is a significant vulnerability. “Many people lack awareness of cybersecurity or naively believe that the ‘black’ of the Internet is far from them.” A staff member at Qihoo 360 Group, serving as a security expert and senior architect, told reporters that criminals also purchase the same model products for research and analysis to find targeted attack methods, which will pose greater challenges to security controls.
Many people also use other IoT devices as “spies”: cleaning robots with cameras peek around the room; smart speakers suddenly emit “mysterious laughter” at night. Apple’s Siri has been exposed for uploading users’ recordings to servers without user permission.
During an unexpected visit, the reporter captured screenshots of conversations with criminals.
The vulnerabilities of the Internet of Things have become a “hotbed” for illegal and criminal activities. Taking privacy cameras as an example, a complete industrial chain has formed behind them, usually consisting of three links: developing and selling camera cracking tools, attacking network cameras, and proxy selling camera videos. Each link has clear divisions of labor and hidden means. Some gangs use virtual currencies for transactions to evade regulation and ultimately use cameras for extortion.
Breaking into IoT network devices to spy on privacy is much simpler than the public imagines. Some hacking software can reach the level of “zero threshold” and “foolproof operation” and can be installed and started within a minute.
Putting armor on IoT privacy
Illegal criminal activities in the Internet of Things pose a threat to social order and national security. With the continuous application of related technologies, the coverage of attacks by criminals will continue to expand, and there is still a long way to go in combating such illegal crimes. Blocking the private black holes under the Internet of Things requires multi-party joint defense, close cooperation, and the construction of a three-dimensional defense system.
The police involved in the case stated that hacker crimes remain high, and efforts should be made to establish a coordination and communication mechanism between network mail, industrial mail, public security, and other departments to comprehensively address the issue of network hacker crimes.
Hu Gang, secretary-general of the Research Center of the China Internet Association, believes that cybersecurity legislation should adhere to the principle of “rapid legislation, frequent repairs” to efficiently and quickly respond to new types of cyber crimes. “Judicial authorities should promptly handle urgent and variable criminal cases involving the Internet of Things,” Hu Gang said.
Peng Xinlin, deputy director of the Criminal Law Research Institute of Beijing Normal University, suggested that various departments should join forces to strengthen the crackdown on crimes using IoT devices while encouraging innovative development and enhancing regulation and guidance in the industry. Netizens should also raise their security awareness, strengthen security protection measures, and promptly report any clues regarding illegal criminal activities of hackers. Enterprises should pay attention to the network security of the office environment, regularly check devices like cameras, establish a network security protection system, and emphasize the training of employees in network security, ensuring software, system vulnerabilities, and security updates are maintained throughout the device lifecycle.
Experts suggest that netizens should do their best to manage their accounts and passwords on social networking platforms separately, using different passwords for each platform, opting for strong passwords whenever possible, and regularly updating passwords for important online platforms. When purchasing IoT devices, it is recommended to buy from large manufacturers and formal channels, paying attention to choosing devices that have undergone security testing.
If you like it, please click above to follow.
Some images and texts are sourced from the internet; if there are copyright issues, please contact for deletion.