Detalles de la compañía
In the smart home life of the future, TVs, curtains, refrigerators, electric lights, home thermostats, door locks, alarms that control multiple devices, and many other devices will be smart.
There is no doubt that the emergence of smart homes has brought convenience to users and greatly improved our lives. However, the security issues behind smart homes must not be ignored. For example, if private data is stolen, personal privacy is leaked, and smart homes are illegally invaded. .
This article mainly introduces the security risks of smart homes, which are analyzed from the aspects of hacking, personal privacy and national security risks. At the same time, Xiaobian also summarizes what should be paid attention to when using smart home.
Hacker new prey
Smart homes were once one of the important elements for people to think about the future of good life. For this reason, people have been exploring this field for decades. Taking advantage of the wave of mobile Internet, the era of smart homes has come to an unprecedented speed.
In order to replace the real estate engine that is no longer strong, domestic developers are looking for new opportunities in the back end of the industry chain, and smart homes seem to be a big slogan. Recently, Fangxing joined Tencent, Huayuan took 360, Xiaomi and Zhengrong teamed up to target the smart community, and the entry point was smart home.
According to Huawei's report, there will be 8 billion mobile phone users worldwide and there will be 100 billion terminal connections in 2025, more than 90% of which will come from various smart sensors. The research company IDC is more optimistic, and it expects to have more than 200 billion devices connected to the Internet by 2020. The dependence of human beings on the four basic elements of survival (air, water, food, sunlight) in the physical world is rapidly expanding into the digital world.
In the future, networking will become the norm in the world, and networking will be unique. As a result, past knife robbery may become a special case, and it is normal to invade every family through the Internet without a silent steal.
Many people know that computer security vulnerabilities will be a huge hazard, but there is still no clear concept of the danger of smart home devices being attacked.
The internal network of Sony's film business "Sony Film Entertainment" was hacked. The company's internal financial documents, employee information, and even unreleased videos and internal mail were exposed, causing huge losses to the company. However, once the security defense system of smart home devices is compromised, it will bring more than just property damage, and it is more likely to be direct physical damage.
The hacker invades the home Internet by breaking through the protection, and infects the host with a bot virus, which can control various smart devices such as TVs, refrigerators, cameras, air conditioners, washing machines, smart water meters, and smart door locks.
Trustwave, a Chicago-based enterprise data security company, has successfully invaded a machine toilet made by Japanese building materials and residential equipment giant Lixil. It can handle the opening and closing of the toilet lid through a Bluetooth connection, and even allow the toilet to spray down the user. Water flow.
This means that in the future, hackers will break through the smart home system, maliciously burn others' clothes, and open the induction cooker to cause a fire, which is not sensational. Last year, a user of a WiFi thermostat retaliated against his ex-girlfriend through a thermostat.
Another famous case is the control of the hotel. Spanish hacker Jesus Molina found a security hole in the control system during the stay at the St. Regis Hotel in Shenzhen. Through these loopholes, he was able to control the thermostats, lights, televisions, blinds in the hotel's more than 250 rooms, and the "Do Not Disturb" electronic lights outside the door. Since the hotel does not authenticate the iPad provided to the guest, the hacker can use the notebook to control the equipment in other rooms. Hackers can even install Trojans on the iPad for remote control.
The St. Regis offers iPad and electronic butler applications to each guest to control the various facilities in the room, but the communication protocol used by the hotel, KNX, does not provide encryption and is not secure, so it is easy to target itself. And this security issue does not only exist in the Jerry Hotel. Currently, many home automation systems also use the insecure KNX protocol.
While providing intelligent services to users, smart home devices are constantly collecting user information data, which are stored in the cloud of suppliers. Once these massive data are “black”, the privacy of countless users' families Space will be completely exposed in front of hackers - when will the user go home, when to eat, when to leave home, when to take a bath, when to sleep, what hobbies, etc. will no longer be a secret, become a naked " Hollow Man".
Nest is a smart home brand acquired by technology giant Google for $3.2 billion. Its thermostat can adjust the user's indoor lighting. By connecting with the sensors installed in the home, it can identify whether the user is at home, and automatically adjust the optimal room temperature to ensure the indoor temperature. Suitable; when the user is not at home, Nest will automatically adjust the air conditioner or electric heater to a low-energy stall, thus ensuring that all appliances in the home are in a state of energy saving.
However, it is also a hacker entrance.
At the 2014 Black Hat Security Conference, Buentello, a researcher at the University of Central Florida in the United States, demonstrated how easy it is to invade the Google Nest Intelligent Thermostat. Through the access of the USB device, the user will upload all of their own consumption passwords to this USB device, and the hacker can load his own software as long as he knows the correct booting code.
During the entire process of Buentello's invasion, no "certification chain" security measures appeared to authenticate. Once the hacker successfully loads his own software, no matter what operation the user performs, the hacker will get the corresponding "synchronization". Since then, the hacker will enter the unmanned situation and want to do anything.
At present, the market is flooded with a large number of smart home devices for consumers to choose from, such as Samsung and LG with independent standards, Z-Wave camp smart devices, Nest thermostats and smoke detectors, 360 smart cameras, gas Flue gas intelligent alarm, Xiaomi's small ant camera, etc., the standards are different, the market is messy, making it difficult for consumers to distinguish effectively.
Many enterprises have seen the huge market of smart homes, and they all want to take the lead in taking the lead. Because they are eager to bring their products to market, they have not invested a lot of resources in dealing with attacks, so the security problem is very prominent. In a sample test, researchers from the security company Veracode conducted a security test on six smart home devices, and found that five of them had serious security problems.
National security concerns
For a single user, once the smart home is hacked, the function of the home product is invalidated or even destroyed, and the private data is stolen, blackmailed or severely damaged. And when the number of users is large enough, it will rise to the issue of national strategic security.
There are four main threats to smart homes. First, the agreements and technologies of enterprises are almost closed systems, which are difficult to interconnect. Second, most smart home manufacturers have insufficient understanding of network security. Third, smart home manufacturers usually Do not pay attention to data security issues; Fourth, hardware vendors generally have poor capabilities in software and upgrades.
Most importantly, the operating system used by smart home smart terminals is highly monopolized and is currently firmly controlled by Apple's iOS, Google's Android and Microsoft's windows phone. In the third quarter of last year, the market share of Android and iOS has exceeded 96%. At the same time, China's smartphone shipments in the first quarter of 2012 have surpassed the United States, ranking first in the world, but the core technologies are almost all others, typically large but not strong.
The visualization of big data has brought about a major change in the concept of traditional resources. It is no longer confined to natural resources such as coal, oil, natural gas, minerals, etc. Big data is becoming a strategic resource as important as natural resources and human resources. The new resources of enterprises compete for the focus, and the future is very likely to become an important fulcrum of national competitiveness.
If you control the smart home's terminal running iOS, Android or windows phone operating system, the user's identity, various accounts, geographic location, contacts, schedules, important documents, hobbies... can be collected in real time.
If dozens of tens of billions of intelligent terminal user information in the country are collected by the same operating system provider, the social activities of China as a whole will be completely transparent. Once the information-safe Magino line falls, then we can not only overcome the "Internet +" corner, but may also bear the unbearable weight.
Of course, everything has its advantages and disadvantages. Smart home is the inevitable result of technological advancement and cannot be reversed. China has upgraded the "Internet +" to the height of the national strategy, and it will surely triumph in the future. However, information security involves not only individual citizens but also national security. Snowden’s exposure to the US “Prism Gate” program has sparked serious global concern, which is the best evidence.
When smart home providers and operators in China are rushing all the way with the "Curve Overtaking" dream, the soul needs to keep up.
1, network security
Smart home is an application form of the Internet of Things and is a new type of network. Any network security threats and vulnerabilities will be reflected in the smart home and may even be magnified. It is necessary to strengthen the network protection of smart homes, such as using Blue Shield lightweight border security products or virtualized security devices to enhance the security of smart homes.
Since smart home is a solution composed of multiple different manufacturers, different protocol specifications, and different interfaces of intelligent components based on various technologies, compatibility has become a key concern. This requires not only the coordination of products, but also the security solutions of smart homes to accommodate these diverse products and components.
3, communication protection
Due to aesthetic considerations, smart furniture, unlike the pre-set wired lines, differs from traditional IT environments in that it uses a wireless communication solution. Compared with wired communication, the confidentiality of wireless communication is slightly worse, and smart homes may have various wireless communication schemes such as ZigBee standard and Z-Wave standard, which all need to fully consider their security issues.
4, control center protection
Limited to scale, the control structure of smart homes is usually a centralized control center. The control center is the core of the entire smart home. The control center collects information, normalizes the information in different formats and protocols, and then exchanges information. The control center can be remotely controlled via the terminal. Once the control center is compromised, the attacker can gain most of the home control rights, which can cause great damage.
Control center protection includes clearinghouse protection and information processing center protection. The information exchange center protection mainly sets access control, bandwidth control, and external firewall on the information exchange center such as the switch. The information processing center mainly protects the machines where the control center is located (such as intelligent gateways).
5, mobile control terminal protection
Many smart home systems support remote control of home operations through mobile smart terminals. The mobile intelligent terminal needs to be secured. It is mainly divided into four aspects: mobile data security, mobile security access/terminal management, device loss management, and mobile device security.