ACROFAN

SK Infosec EQST Regular Media Day : IoT Hacking and Privacy Invasion

Published : Monday, February 18, 2019, 10:34 pm
ACROFAN=Bora Kim | bora.kim@acrofan.com | SNS
On the morning of January 30th, SK Infosec held EQST regular media day at Ferrum Tower in Jung-gu, Seoul.

The media day was held by SK Infosec to show the hacking demonstration and presentation on the theme of IoT (Internet of Things) hacking and privacy invasion. The officials including Jae-woo Lee EQST group leader, Tae-hyung Kim EQST Lab chief and Hyung-wook Jang EQST group and Lab expert member attended the event.

EQST is a security expert group of SK Infosec, which is involved in cyber threat analysis and research as well as responding to security incidents at the actual hacking incidents. In addition, the announcement of this day cited the results of domestic and overseas institutions' investigation and warned of the explosion of IoT devices and the risk of hacking on home IoT devices.

▲ SK Infosec’s EQST regular media day was held.

▲ Tae-hyung Kim EQST Lab chief got the presentation.

According to the announcement, the number of devices connected to the Internet worldwide exceeds 17 billion in 2018. Among the 17 billion devices activated, the number of IoT-related devices reached 7 billion, and in 2025, it is expected to exceed 20 billion. As a result, the number of new vulnerability reports and rewards in Korea is on a year-on-year increase. Specifically, in 2018, 80% of IoT attacks were Satori and Mirai botnet.

Mirai botnet operates in the way of scanning and accessing IoT devices with malicious administrator accounts, spreading malignant codes, and generating a DDoS (Distributed Denial of Service) attack with a massive botnet consisting of IoT devices. According to Mirai botnet’s analysis of the degree of infection by country, Korea was ranked as 8th place with 4%, but it is never safe since Japan, which has larger area than Korea, showed lower percentage. Mirai botnet is not a new method but an existing method, but IoT devices are vulnerable and can be easily attacked by Mirai botnet.

Moreover, the survey on information protection in 2017 said that the most popular products for domestic IoT users are smart home devices and the key concerns were the increase in management vulnerabilities, threat of personal information infringement, and the strength and possibility of cyber-attack. The IoT devices with insufficient security can be used as a tool for hacker’s attack by being accessed through the system with account information that can be acquired from the Internet. In fact, it was introduced that it is easy to acquire IoT device administrator account information simply by searching 'default password' on a portal site.

Next, the cases of privacy invasion through IoT hacking were introduced. First, the cases of stealing private video files through the unauthorized remote access to IP cameras with the acquired information from web server hacking were mentioned. For example, there was a case of hacking home IoT devices for companion animals, which had a lot of problems last year, or hacking baby monitors installed for babies in the United States. There was also a case of hacking a smart toy with a microphone or speaker to remotely control the device and steal personal information stored in the server. Furthermore, at the beginning of this year, there was another case that the door was opened by a hacker through hacking the signal occurred when the digital door lock is opened.

▲ Domestic new vulnerability reports/awards are on a year-on-year increase, and 80% of IoT attacks in 2018 were found to be Satori and Mirai botnets.

▲ The privacy invasions through IoT hacking were presented.

The cases of webcam hacking were announced. As hacking cases of webcams such as laptop cameras and CCTVs increased, the Ministry of Science and ICT conducted a monitoring service, resulting in a sharp decrease in the number of cases from 3,568 in the first quarter of 2018 to 256 in the third quarter. The continuous monitoring by government has reduced the number of webcam hackings, but many images are still being exposed in real time.

The first example is the Russian ‘Incecam’ site. Incecam collects pages that do not change the default setting values such as administrator ID and password through GHDB&Shodan in the site, so that it can view CCTVs of the country in real time through the weak webcam list in the main homepage. In addition, it discloses information about CCTVs using the fact that there is no authentication procedure in the CCTV management mode.

Moreover, IP Scanner, which scans the neighboring IPs for accessing and manipulating vulnerable webcams after logging in through the unchanged default settings, such as administrator ID and password, was introduced. Likewise, there was a case of stealing webcam recording files by accessing with ID, password, and telnet service through port scan after accessing unchanged open AP (webcam for server storage) and determining the IP that is currently using webcam.

EQST recommended setting a different secure password for each webcam product and performing regular firmware updates for webcams and AP devices as security measures for these IoT devices. In addition, EQST introduced ‘IoT product security certification service’ from KISA, and proposed to follow ‘mandatory setting and change of initial password for IP camera and CCTV’, which will be implemented from February.

Tae-hyung Kim EQST Lab chief said, “As Web services evolve, hackers enjoyed making money by hijacking personal information, and the growing number of IoT devices has become an interesting content for these hackers. So, the spread of 5G is expected to lead to more intrusive privacy violations in our lives. Although there are many types of webcam hacking, it is important to remember that simply changing the password greatly reduces the risk of hacking, since most hackers target at the devices with default administrator and password setting.”

What’s more, the case of Dark Web was introduced – it is accessible only with certain software such as Tor (The Onion Routing) and it cannot be accessed through a normal browser or domain. As a result, contract murders, drugs, illegal video distribution, and illegal transactions take place, and the invasion problems including personal information and video of famous foreign celebrities, IP camera hacking video, and webcam arise.

Lastly, Jae-woo Lee EQST group leader announced that EQST will progress security for expanding IoT diagnosis area and systematizing. Through security consulting on IoT devices, EQST will analyze IoT environment, identify threats according to information protection areas, analyze and evaluate risks, and demonstrate security solutions through simulation hacking. Moreover, a guide to security consulting and mock hacking will also be provided. As for DSaaS service, industrial safety services and power/energy/building facility management services will be offered.

▲ According to the monitoring service by the Ministry of Science and ICT, the number of webcam hacking has dramatically decreased.

▲ Jae-woo Lee, EQST Group Leader

▲ EQST announced that it will carry out security for expansion of IoT diagnosis area and systematization.


Copyright ⓒ Acrofan All Right Reserved


Company Name : ACROFAN
Founded : October 1, 2006
Ownership : Jae-Yong Ryu, Founder.
Headquarters : 1407Ho, Yangpyeongro 12gagil 14, Yeongdeungpo District, Seoul, Republic of Korea(South Korea). Postal Code 07222.
Contact Us : guide@acrofan.com
Contents API : RSS
Copyright(c) ACROFAN All Right Reserved