Click the top ↑↑↑ “Economic Reference Daily” to follow me
As artificial intelligence continues to advance, the era of smart living through the Internet of Things (IoT) is approaching. Currently, the IoT device market is experiencing exponential growth, with traditional devices connecting to the internet becoming a trend in technological development and industrial application.
While people enjoy the convenience brought by the interconnected world, security issues with IoT terminals are gradually emerging, becoming the weakest link. Connected printers and routers can be exploited by hackers as “backdoors” to steal national secrets, commercial secrets, and personal privacy.
Experts say that as the commercial rollout of 5G accelerates, it is becoming urgent to prioritize IoT device security and upgrade protective measures as soon as possible.
The IoT Opens the Door for Hackers
Recently, a hacking incident occurred involving a smart fish tank. Although it sounds incredible, it exposed the security issues of IoT devices.
Reports indicate that a casino in North America was attacked through its IoT device—a smart fish tank connected to the internet, capable of automatic feeding and maintaining the environment, temperature, and cleanliness. However, this seemingly insignificant IoT device became a target for hackers because it served as a “backdoor” into the casino’s internal network—the weakest link. The hackers first infiltrated the smart fish tank, accessed the casino’s internal network, scanned for vulnerabilities, and eventually stole data without detection.
Industry insiders reveal that the ease of hacking IoT devices is not an exaggeration. In January 2014, an attack on IoT devices compromised over 100,000 connected devices, including televisions, routers, and at least one smart refrigerator, sending out 300,000 spam emails daily. The attacker sent only 10 messages from any device, making it difficult to stop or trace the source of the attack.
“The smart fish tank becoming a ‘backdoor’ is not an isolated incident.” According to technology columnist Jin Zhiyuan, connected coffee machines, refrigerators, smart boards, electric curtains, and routers could also become targets for attack. With the rapid increase in IoT devices, hackers have more channels to infiltrate networks and steal data.
Currently, a new wave of technological revolution represented by big data and artificial intelligence is emerging, impacting and changing the world at an unprecedented speed and manner. Society is moving toward a smart age of interconnectedness. Along with this, the IoT is quietly entering people’s lives, with more individuals being connected to the IoT system; in the future, even trash bins may be connected to the internet.
Through a single IoT device, hacking incidents can expand to more nodes in the IoT through a butterfly effect, rapidly amplifying the impact. In an IoT environment, the closer the connections between individuals, the more likely any network attack targeting an individual can spread to a wider range, causing far greater damage than attacks on individual computers or mobile devices. Maintaining cybersecurity in the IoT era is becoming a complex game that requires comprehensive planning.
Related data also supports this point. The National Internet Emergency Center released the “2017 Overview of Internet Network Security Situation in China,” showing that the IoT is accelerating its integration into people’s production and life, with traditional network attacks and risks spreading to IoT and smart devices.
Data shows that in 2017, the National Information Security Vulnerability Sharing Platform recorded 2,440 security vulnerabilities in connected smart devices, a year-on-year increase of 118.4%. The daily active controlled IoT device IP addresses reached 27,000, primarily involving household routers, network cameras, and conference systems.
According to Yun Xiaochun, deputy director of the National Internet Emergency Center, unlike computers, connected smart devices such as routers, switches, and network cameras are generally online 24/7, and users often find it difficult to detect when they are compromised, making them stable sources for DDoS (Distributed Denial of Service) attacks.
The National Internet Emergency Center’s sampling monitoring of DDoS attacks launched by certain malicious programs found that both the control IP addresses and the attacked IP addresses were primarily located overseas, but the resources used to initiate DDoS attacks mainly came from a large number of compromised connected smart devices within China. This makes it challenging to detect and address these IoT attack incidents.
According to the “2017 Cybersecurity Annual Report” released by Green Alliance Technology, globally, the number of exposed routers exceeds 49 million, far surpassing the number of other exposed IoT devices; the number of exposed video surveillance devices exceeds 11 million, higher than traditional network devices such as firewalls and switches; the exposure of printers is even more surprising, reaching 890,000. HP has stated that less than 2% of the billions of business printers are truly secure.
Chinese Academy of Engineering academician Wu Hequan pointed out at the Second World Intelligent Conference’s “Narrowband IoT Development Forum” that the development of IoT and industrial IoT has brought new security issues, and if affected, the situation could become more severe. “The industrial internet of things does not simply affect individual devices but can impact production management systems and control systems, spreading to a larger scope.”
360 Technology President and Chief Security Officer Tan Xiaosheng also pointed out that in the era of interconnectedness, existing security threats have expanded from single information security to a “big security” encompassing livelihood security, economic security, critical infrastructure security, urban security, social security, and even national security.
Not only office equipment but also the increasingly popular smart cameras at home pose risks of personal privacy breaches. Smart cameras are supposed to be tools for safeguarding home security, but unbeknownst to users, hundreds of unknown eyes may be spying on their homes. On June 18, 2017, media reports exposed security vulnerabilities in home cameras, where criminals could use a scanning app to crack the IP addresses of users’ smart cameras, remotely operating the cameras to steal or intercept footage. The cracked camera IP addresses were even sold publicly, leaving users’ privacy exposed on the internet. The dangers posed by compromised IoT devices are chilling.
Cheap IoT Devices Lack Security Protections
The more convenient smart living becomes, the larger the vulnerabilities in IoT devices. Take vending machines as an example; their working principle is to use IoT technology to connect users with products, allowing users to complete the purchasing process through mobile payment. However, this seemingly ordinary convenience in modern life hides significant security risks.
In July 2017, American vending machine supplier Avanti Markets suffered a hacking incident where attackers implanted malware in the payment terminal and stole users’ credit card accounts and biometric data.
Regarding security vulnerabilities in IoT devices, various sectors are not oblivious. In its 2018 IoT predictions, American research firm Forrester indicated that security vulnerabilities are a major concern for companies deploying IoT solutions, and this is the most pressing issue for enterprises considering deploying IoT solutions. However, most companies do not consistently address IoT security threats, as business pressures overshadow technical security issues.
This assessment reveals the underlying truth behind the seeming difficulty in resolving security vulnerabilities in IoT devices.
Why are IoT Devices Frequently Targeted by Hackers? The internet news platform Geek Park summarizes that it is primarily for cost considerations. Some IoT device manufacturers use generic, open-source operating systems or third-party components that have not been security tested to save costs, which can introduce vulnerabilities. Similarly, many IoT devices do not protect debugging interfaces, giving attackers opportunities to exploit them.
“On many low-cost IoT devices, it’s almost impossible to implement complex and power-consuming existing security systems,” lamented an internet security expert.
Many manufacturers lack security awareness and capability. When developing IoT smart devices, they fail to consider security, resulting in software and hardware vulnerabilities. Moreover, many devices lack secure software update mechanisms or have insecure mechanisms, leading to unfixable vulnerabilities and severe consequences.
Furthermore, authentication and authorization mechanisms are weak. The scale of IoT smart terminal devices is vast, and devices from different suppliers may work collaboratively, making identity authentication between terminals difficult to achieve. Many devices still use weak passwords, allowing hackers to easily control them.
Wu Hequan also believes that current IoT encryption is often relatively simple, and achieving relatively secure encryption requires considerable effort. For example, in the industrial IoT, the variety of devices, sensor standards, and communication protocols are quite complex, making security implementation challenging. At the same time, personal computers and mobile phones can also be controlled by malware; they are not always online, while IoT nodes are perpetually online. Even if not connected to the external network, they can still be infected by external viruses due to management oversights.
High-risk vulnerabilities in routers have caused disruptions for millions of users in Germany, hackers have broken into 150,000 printers, and smart teddy bear toys have leaked over 2 million parent-child chat records… the recurring hacking incidents related to vulnerabilities in IoT devices have raised awareness of security risks abroad. The FBI has warned parents that internet-connected toys pose privacy risks, as hackers can obtain children’s names, locations, and other personal information by attacking internet toys.
The dangers of attacks on IoT devices extend far beyond data theft. Security researchers have demonstrated how ransomware can be installed on smart thermostats in homes. They can even raise the temperature to 95 degrees and refuse to return it to normal unless the victim agrees to pay a ransom in Bitcoin. They can also launch similar attacks on connected garage doors, vehicles, and even home appliances. With the increasing prevalence of autonomous driving, hackers could control vehicles, change radio stations, turn on wipers, stop vehicles, or even cause traffic accidents. Even more concerning is that hackers might attack wireless medical devices implanted in humans, posing a threat to health.
International consulting firm Gartner predicts that by 2020, the number of global IoT devices will reach 26 billion, making it urgent to address the security protection of IoT devices.
Enhancing the Security of IoT Devices is Urgent
“Today, society increasingly needs ‘big security.’” 360 Group Chairman and CEO Zhou Hongyi pointed out at the Second World Intelligent Conference that in the era of interconnectedness, network attacks have begun to threaten the healthy development of the smart economy.
To this end, he proposed the concept of a “security brain,” hoping to establish a large-scale distributed intelligent security system that comprehensively utilizes new technologies such as artificial intelligence, big data, cloud computing, and blockchain to protect network security for infrastructure, society, cities, and individuals, extending intelligent security protection capabilities to industrial IoT, vehicle networking, IoT, urban security, and other fields.
For China, addressing the security issues of IoT devices is equally urgent. Recently, China has intensively introduced policies to promote the development of IPv6, 5G, and industrial IoT, striving to launch commercial pilot projects this year. While this accelerates the faster popularization of IoT and rapid growth in the number of IoT devices, the lack of security capabilities among device manufacturers and imperfect industry regulations will exacerbate the security threats posed by IoT devices. Consequently, government agencies, businesses, and even individual households will likely be exposed to hackers.
Experts believe that as a matter of urgency, public entities and enterprises should quickly strengthen security inspections and daily monitoring of internal IoT devices. Inspections should focus on identifying vulnerabilities, past attack incidents, and sources of attacked IP addresses. Additionally, unnecessary remote service ports should be closed, weak passwords should be repaired, and regular network security risk assessments should be conducted to enhance protection levels.
At the same time, domestic IoT device manufacturers must enhance security levels. “Common vulnerabilities in IoT devices include exposed hardware interfaces and unauthorized access; these security issues are not technically challenging and can be prevented in advance.” Yang Chuanan, chief architect of Green Alliance Technology, suggests that manufacturers should ensure security throughout the entire lifecycle of devices, including conducting security risk assessments at the time of production and avoiding the use of uniform default passwords.
Moreover, vigilance is needed against the mutation of traditional internet attack methods in the IoT “battlefield.” In the IoT “battlefield,” many traditional attack methods have found new opportunities for application. For example, network sniffing, remote code execution, and attacks on cloud servers leading to compromised devices are all new scenarios for traditional attack methods in IoT technology. These traditional attack methods should not be easily overlooked at any stage.
Finally, relevant authorities should be cautious when procuring smart connected devices to prevent them from becoming “backdoors.” Once intentional “backdoors” are discovered, strict punitive measures should be taken according to laws and regulations to serve as a deterrent.
Source: Economic Reference Daily
Reporter: Mao Zhenhua
Production: Huang Kexin
➤ The World Cup feast begins, a comprehensive review of the Chinese “legion” on and off the field!
➤ The latest college student employment report is out! These 7 majors are the easiest to find jobs
➤ Housing prices in 100 cities have narrowed for 10 consecutive months, where the cooling is most evident!
➤ Two Beidou industrial parks: one unfinished, one full of mysteries! Risks of money-making and land-grabbing around Beidou should be vigilant
➤ The focus of housing market regulation shifts to third- and fourth-tier cities, what signals does this send?
➤ The host’s “money tree,” FIFA’s “printing machine”! The World Cup “money-making machine” is in full swing!
