On December 5, the Fourth World Internet Conference released its annual outcome document "Prospect of Wuzhen", noting that emerging issues such as the development of the next generation of the Internet, application of artificial intelligence, and digital economy have become the new hot spots for governance.
More than 100 smart camera, smart rice cooker more than 300 yuan, more than 1,000 yuan sweeping robot, not high prices and convenient experience, so that more and more people begin to taste fresh, enjoy the convenience of intelligent living.
However, with smart devices such as smart home being integrated into daily life, security alerts such as personal privacy disclosure and threats to life and property are sounded frequently, leaving consumers with losses and troubling the long-term development of the industry.
Smart home hidden risks
80% sampling camera security risks
Finger tap, 'beep' sound, intelligent door locks have been opened; smart air-conditioned room temperature appropriate; sweeping robot to clean the house as neat; intelligent electric rice cooker and smart oven, a warm meal prepared Pot; smart TVs and smart speakers just wait for 'give orders', it will offer wonderful programs ... ... have appeared in the scenes of science fiction movies, is becoming more and more people at your fingertips.
With the massive application of 5G communication technology and the Internet of Things, the Internet of Everything is about to become a reality.Market agencies expect that there will be 50 billion IoT devices in the world by 2020. The global scale of smart home will grow from the current 10 billion U.S. dollars To 50 billion U.S. dollars, China will become Asia's largest smart home market by 2020.
Although smart home devices can bring a convenient and comfortable life experience, but the security risks behind the same can not be ignored.
In June, AQSIQ's Product Quality Supervision Department collected 40 batches of samples of 38 brands from the market for the possible information security hazards of smart cameras, and found that 80% of the batches had potential safety issues. Some sample backend information systems have over-privileged vulnerabilities. Users can view video from any user's camera in the same platform. Some samples allow users to view or download user registration information and video surveillance stored in the back-end information system.
In September, at the China Internet Security Conference in 2017, the Decoding Security team demonstrated how to remotely control certain smart home devices: the smart lights switch freely in the room, the camera angles are no longer controlled by the owner, and the smart door lock password Can be remotely obtained.
The 2016 China Internet Network Security Report released by the National Computer Network Emergency Response Center shows that in recent years, with the rapid development and popularization of terminal devices and network devices such as smart wearable devices, smart home devices and intelligent routers, the Internet of Things The proportion of cyber attacks on devices is on the rise.
Black industry surfaced
Smart devices into 'thieves' and 'spies'
'You can see it all at once, and you can see it without missing you.'
An e-commerce platform, a monthly sales of nearly million smart camera to use this sentence as a propaganda language in the mobile phone anytime, anywhere attention to the dynamic of the elderly, children, pets, or to achieve remote housekeeping, shop, car , Is the original intention of many people to buy a smart camera.
In early August, Ms. Huang from Chongqing looked for her pet dog and placed an intelligent camera in the living room, which could easily see the real-time picture of the living room through her cell phone. One day, Ms. Huang suddenly found her camera moving and immediately opened Computer background view and found that in addition to their own account, there is a strange user monitoring the camera's information.
According to previous media broke the news, only pay 188 yuan, you can get the family camera can play the contents of the software, enter the appropriate IP address, login name and password, you can successfully log in to the camera, remote viewing real-time monitoring screen, and even the screen can be enlarged Narrow.In some QQ group, the cracked IP address will even be used as a solicitation by the owner of the popular gifts, free distribution to the group.
In July, Beijing police cracked the nation's first case of Internet home network camera crack software case, knocked down a criminal chain, captured the 24 people involved in a party and Zhao involved in the illegal purchase of the camera to crack the software to crack the IP web camera, watch the save or Traffic camera shooting content.
For the invasion of the camera information, hackers are not alone receive .In July, ZhejiangLishui police found crackedIntrusion home IP address nearly ten thousand, involving Yunnan, Jiangxi, Zhejiang and other places.According to the suspect, Wang, if The camera's monitoring screen facing the living room, do not; if facing the bedroom, bathroom and other private places, the price is 10 yuan a; if there is "material" so-called 'boutique', you can sell 20 yuan a, but also in the cloud Trafficking many times.
From a legal point of view, smart home devices have been cracked, resulting in the user's information is shared for sale, mainly against the user's privacy. "General Civil Code" "Criminal Law Amendment (IX)" "Tort Liability Act" Cyber Security Act "And so on, have made specific provisions on the privacy and personal information protection of citizens." Zhu Wei, deputy director of the Communication Law Research Center of China University of Political Science and Law.
In addition to acting as a spy for snooping privacy, a maliciously controlled smart home may also become a 'thief' or even a 'bandit' in the home. Han Weili, vice dean of the School of Software at Fudan University, said that the security issues in smart home are all-encompassing : In addition to the disclosure of personal information, the loss of family property may also be caused by the loss or malfunction of smart home devices. More criminals use personal home appliances with malicious control to conduct personal attacks and cyber attacks.
For example, maliciously controlled smart toys may induce children to make dangerous moves such as opening the door and climbing out of the balcony. The cracked smart door lock, the smart safe, instead of a thief 'insider' Of the temperature can be arbitrarily increased, eventually triggering a fire; smart home may also be controlled to form a large-scale 'botnet' attacks on web servers, resulting in a large-scale paralysis of Internet services.
Security fence needs to be secured
Increased investment in technical confrontation technology
November 22, China Light Industry Federation and China Household Electrical Appliances Research Institute jointly announced the launch of smart home community standard development work.Industry believes that smart home products can not re-function, light and safe, smart home products should be promulgated as soon as possible the safety norms, Explore the establishment of credit protection mechanism for enterprise privacy protection.
'Solve the security issues of smart home applications for the Internet of Things, first of all, to increase investment in system security technology, with technology to counter the technology.' Han Weili said, 'Analysis of smart home security problems may exist and clarify its essence, is a very complex and Serious scientific problems require researchers to devote a great deal of manpower and resources to a wide range of in-depth work based on the technology itself and its application, which is often overlooked by industrialists in the fields of smart home and the Internet of Things.
Zhang Yan Road, director of research and development platform for millet Internet of Things admitted that the smart home equipment category, the use of complex scenarios, with a certain technical threshold. Product security design to be comprehensive, companies not only need sufficient technical strength, but also the accumulation of experience and cost. At present, the products on the 'products' platform adopt a built-in unique key and ensure the security by customizing independent security chip hardware for sensitive devices such as smart locks. These technologies are also open to the public at the same time.
National Computer Network Emergency Response Center recommends that intelligent equipment manufacturers should make equipment safety life-cycle security work to develop a sound network security emergency plan; found that the device is flawed or implanted malicious programs, to provide online upgrade capabilities, Or promptly notify the user to manually repair.
The issue of smart home security is a systemic issue that requires coordination of technology, management and laws and regulations to ensure the healthy development of the entire industry. The "Cyber Security Law" implemented on June 1 and the "Supreme People's Court and Supreme People's Procuratorate on Handling Infringement of Personal Information of Citizens Interpretation of Several Issues Concerning the Application of Law in Criminal Cases ", further weaving a smart home 'safety net'.
'Network Security Law' both precautionary measures, but also remedial content, from the system, technical, regulatory, assessment made the provisions of the 'Zhu Wei said that users of smart home infringement, the rights of the largest The difficulty is to find the real infringer 'Proposed to adjust the burden of proof, the user's personal evidence of difficulties, the platform should be undertaken by the manufacturer to bear the burden of proof.'