ChangChun E-vida Technology Co.,ltd

Smart home products become the next battlefield, but security issues have not been resolved

2020-02-26

OFweek Smart Home Network news: After Apple released the HomePod smart speaker, it seemed as if humans had entered the era of intelligence overnight. Big technology companies seem ready to use voice as the next mainstream method of human-computer interaction. Amazon Echo had already made online shopping by voice possible.

In addition to smart speakers, many people today own smart home products, ranging from smart doorbells to smart refrigerators, which seems to confirm one point: the home is the next battlefield. But are these smart products safe? Reporters from the "Daily Economic News" interviewed a number of parties and found that the security problems of these products are real, and that most companies launch products without corresponding solutions to security issues. In the smart age, smart crimes that were previously only seen in Hollywood movies are very likely to appear in our lives.

● Speaker security issues have not been resolved

Last month, Apple released a smart speaker called HomePod, which is an artificial intelligence (AI) speaker. In addition to music playback, HomePod uses the built-in intelligent voice assistant Siri for voice interaction: the device interacts with the user to answer related questions or complete certain tasks.

Previously, technology giants had already launched specific smart speaker products, including Google Home, Echo, and Invoke. For example, Amazon Echo was the first product in the smart speaker field. Besides playing songs on voice request, Echo can also provide services such as calling Uber, ordering pizza, and even operating a bank account.

According to a report from market research firm Strategy Analytics, Amazon Echo speaker shipments exceeded 5 million units in 2016. The agency expects that by 2022, one-third of North American households will be equipped with smart speakers. On the surface, this is a “battle for position” around smart speakers, but from a deeper perspective, technology companies are simply using the speaker as their way into the home. The goal is to cut into the larger artificial intelligence market in the future, because the voice platform behind the hardware has the opportunity to become the "operating system" of the Internet of Things and connect a brand-new industrial ecosystem.

Whether it is a smart speaker or one of the various smart assistants, the working principle is basically the same: after receiving specific voice input, the device sends the voice data to a server and gives the user a response. This raises a question: what if the developer's system is compromised? At the Apple Worldwide Developers Conference last month, Phil Schiller, Apple's senior vice president of marketing, stated clearly that HomePod's data would be encrypted, but gave no more detailed security solutions.

According to Qi Zhijie, a senior expert in the iDST voice group, for voice interaction products on IoT (Internet of Things) devices there are generally many ways to protect personal privacy. First, the device does not continuously upload recorded voice to the cloud, but only exchanges data with the cloud after the user explicitly wakes the device; second, the device should have a clear “pause” function that gives control to the user; finally, cloud data storage must have a corresponding mechanism to ensure data "desensitization." He Zhijie also said that this is not a problem unique to voice interaction products, but a common problem in the general trend toward cloud computing.

● Smart devices face three kinds of attacks

Nowadays, mobile phones have become one of the smart devices people cannot do without. Payments and lock screens are both unlocked with fingerprints. But have you thought about it: is this really safe?

According to Mark Cornett, senior director of North American marketing at Precise Biometrics, a fingerprint algorithm provider, fingerprints remain on the surfaces of a large number of objects, and a latent fingerprint can be obtained within seconds using a range of existing methods (such as tape lifting, cyanoacrylate fuming, and photography). Once the latent fingerprint has been successfully digitized, it is easy to make fingerprint stencils and fake fingerprints from everyday household materials such as gelatin, latex paint, and plasticine. In addition, high-definition molds can be printed using a 3D printer.

For mobile payment security, Gong Wei, chief security officer of WiFi Master Key, said, “Large-sum payments have secondary authentication of their own. At present, fake fingerprint technology is only for teams that are researching professional security technologies, and ordinary people cannot simulate it. So everyone can still use it with confidence, but as fingerprints become the main method for more authentication, their security will be valued more and more, and in the future you may not remember whether your password is simple, but will be concerned about whether your fingerprints have been leaked.”

According to Gong Wei, smart devices may leak more of our privacy in the future. "In the underground industry, there are many cameras that can watch all kinds of other people's lives for free. The literary youth and single youth themes can be found, but if you want to see the live room, sometimes you will be charged."

Gong Wei pointed out that in the future, there may be three aspects of potential security risks for smart devices.

The first is attacks launched from smart devices. Smart cameras, smart doorbells, or smart light bulbs at home can all be controlled by hackers behind the scenes and used to launch large-scale attacks.

The second is attacks based on big data mining. Using device authentication provided by big data, an attacker can identify a phone as yours and “lock onto” someone through GPS locations. Even mobile phone calls may be imitated in the future.

The third is extortion-style attacks. This kind of attack will become more and more common in the future. Unlike the simple Trojans of the past, extortion-style software may spread to smart devices in the future.

● Smart lock does not fly

With the popularity of shared bicycles, smart locks have also become widely known. Zhou Jun, secretary-general of the China Smart Home Industry Alliance, disclosed that in 2016 China's smart lock shipments had reached 3 million, and the output value was between 3 billion and 5 billion yuan. In a county town, a smart lock company sold 170 smart locks for a long time. “All of them are locks of 1500-2000 yuan. Can you say that users have no spending power?”

The reporter found that searching for smart door locks on a large e-commerce platform returns brands such as Samsung, Panasonic, Romance, and Haier. The price is less than a few hundred dollars, and it costs ten million yuan. Many smart door locks flaunt their own special "black technology": the functions go beyond a simple password to include live-fingerprint unlocking.

Although the market for smart door locks is very hot, can these smart locks really keep out intruders? Gong Wei said, “Our technical analysis looked at some smart door lock devices. We should say that they only considered meeting the functional needs of users. They have no strength and no ability to consider security.”

Professionals engaged in big data also pointed out to reporters that when no security incidents are revealed, everyone may feel that such products are very good. Once a security incident occurs, these products will soon face a crisis of confidence.

Gong Wei suggested that when using these smart devices, users should be sure to read the manual, especially the section on connections. If the device provides an identification mode, especially over Bluetooth, set it to trust only your own devices rather than trusting all devices. When initializing the password, do not become careless and set a simple password just because the equipment is used at home.

Gong Wei also emphasized that intelligence is very good, but intelligence also means a higher degree of openness. At present, safety standards for smart devices in the home appliance industry have not yet been introduced, so it is not known whether manufacturers will treat security as a very important user need. Given this market situation, it is recommended to choose products from major brands as far as possible; at least these manufacturers will be more concerned about security.

Reporter observation

The smarter, the more dangerous it may be

In the PC era, people mostly turned to the Internet for entertainment; in the mobile era, as demand grew to include online shopping and mobile payments, people came to realize that mobile phones cannot be lost; and in the era of intelligence, technology brings unlimited convenience while also threatening people's safety in new ways.

Technological progress is a double-edged sword

In the PC era, to ensure security, all systems could do was remind users not to use simple passwords and to change their passwords regularly. Earlier, among 10 million leaked passwords analyzed by the login management service provider Keeper Security, the login password “123456” accounted for 17%. It is not difficult to see that most people still value the convenience of passwords over security.

According to Gong Wei, chief security officer of WiFi Master Key, no password is the best password. Many technical teams are currently trying to do away with the existing fixed-password mechanism. Until the passwordless era arrives, some service providers can use a one-time mechanism or introduce a variety of identity authentication methods in addition to passwords.

In the smart age, traditional numeric and alphabetic passwords are being replaced by new recognition systems such as voice, fingerprints, and face recognition, but these are not absolutely secure. For example, if a person's voice features are cracked, they may be used not only to shop online in that person's name; if the home uses a voice-controlled intelligent system, they may also become the key to the home. Face recognition has security risks as well. At this year's 315 party, a synthesized live video passed liveness detection and face verification. According to Sanxiang, the person in charge of Alibaba Cloud's digital memory direction, the greatest risk of face recognition is that it can be impersonated with photos or dynamic video. Moreover, any recognition algorithm has a certain false recognition rate; although it is low, nobody can guarantee that misrecognition will not occur.

How can the security of face recognition be improved? Dr. Hua Xiansheng, Associate Dean of the Aliyun Artificial Intelligence Research Institute and IEEE Academician, pointed out to reporters that there is a need to strengthen the ability to distinguish real objects from screen captures, as well as the ability to recognize synthesized or modified images and video (generally called image forensics).

Undoubtedly, technological progress is a double-edged sword - while it brings people unlimited convenience, it also threatens people's safety in new ways.

Yan Hanbing, director of the Operation Department of the National Internet Emergency Response Center, also stated that with the popularity of terminal devices such as smart wearable devices and smart home devices, cyber attacks on IoT smart devices have increased. An attacker can exploit vulnerabilities to gain control of a device, use it to steal user information, or enlist it in a large-scale botnet. He also stated that many smart devices have relatively weak protection capabilities and that attacks against such smart devices will become more frequent in the future.

Smartphones become "King of Secrets"

In fact, the disclosure of personal information is traceable.

Gong Wei pointed out that in the early days, with a virus infection or a Trojan, local records would be lost, and along with them some personal records and saved information might leak out. In the information leakage incidents of the early years, there were many "human flesh search" incidents after users' trajectories were leaked. “For example, I can use an account to determine how many websites you have registered with and understand the scope of your hobbies, whether you are interested in news or history, and then a large part of the underground industry may use your password information. Some sites you don't think are important, and you never log in, but when you registered for the site early on, you included a part of your password, such as what my lover is called and what the pet is called. This information will be exposed.”

However, the channels of information disclosure are changing: from the leakage of information in early mails to more and more mobile phone privacy disclosures.

In April this year, AQSIQ issued risk warnings to remind users of smart phone information security issues. They collected 40 batches of smartphone samples from the market and found 18 batches of samples with potential safety hazards that may lead to information leakage.

According to reports, among the above samples, the backend information systems of 12 batches had information security vulnerabilities, including no restriction on user password complexity, no limit on the number of invalid login attempts, and no restriction on misuse of SMS verification codes. The preset application software in 9 batches of samples collected user data without explicitly informing the user or obtaining the user's consent. One batch of samples did not implement access control for operations on user data. The operating system of one batch of samples did not notify the user of updates and upgraded automatically without the user's consent. The above problems may lead to leakage of user privacy data and even malicious control of smartphones.

The AQSIQ reminds users that after a mobile phone is turned on for the first time or restored to factory settings, they should open each preset application other than system core applications such as dialing, contacts, and camera, and see whether it displays a prompt about collecting private user information. In the rights management menu, check the permission status and uninstall status of these preset applications. If a preset application holds permissions for collecting sensitive private information but shows no relevant prompt when opened, the mobile phone may have a security problem of collecting consumer privacy information.

“The main reason for data leakage is that people's daily lives are becoming more and more data-intensive. For example, we used pens and notebooks for our address books before. Now everyone uses the contacts in their mobile phones, and the data goes from localization to network development. For example, we previously saved photos locally, and now we are starting to store them in online photo albums. This series of changes will result in a risk of data leakage if there are security risks,” said Gong Wei.
