In this special period when you have to stay at home to work, study, and play, many "it's there but you don't care" technologies and equipment have regained our attention, and some old topics have also been highlighted.

Recently, a security study found and reported a serious security flaw in ZOOM, the Mac version of the conference software, which could hijack web cameras and make users vulnerable to phishing and DOS attacks. If the user clicks on a special link in the browser, this vulnerability could force the user to open the webcam to participate in the meeting without permission.

From the management of personal privacy leaks many years ago to now, the "new infrastructure" boom has begun, and small cameras are still a weak link in industrial and urban facilities.

Little camera brings big hidden dangers

More and more people are moving their cameras into their homes to guard against theft and care for the elderly or pets; cities, towns, schools, small supermarkets downstairs, and dense cameras have long formed a protection net for the outside world for us.

However, your sense of security may be smashed, and the uninterrupted cases tell the public that the camera is so easy to be attacked or held hostage, and the “camera anxiety disorder” worried about the violation of personal privacy will find you in this way.

Driven by massive demand, the camera market is becoming more and more mixed. Too many small factory technologies and products are not enough, reducing the cost and difficulty of hacking.

This set of data may indicate how serious the problem is.

The reporter searched for "webcam attack" on Baidu and found about 47.3 million related results. At the end of 2018, a network security company Netscout report showed that computers, mobile phones and webcam connected to the Internet would be subject to a cyberattack every five minutes; as of In September 2019, researchers discovered security vulnerabilities in 15,000 private web cameras worldwide.

The reporter learned from the Tencent Cyber ​​Security and Crime Research Base that the black industry has formed an industrial chain for undefended cameras. The upstream has developed cracking tools, and the midstream has used cracking tools to scan camera IDs for package sales, and downstream cameras have used these cameras to peep privacy and extortion. Therefore, no professional skills are needed. The eyes peeping behind the camera are available at any time and may become the biggest hidden danger of your family safety.

Although you can seal the camera of the computer, PAD, and mobile phone with stickers and unplug the power of the smart networked device, this is not the correct way to solve the problem. The exposure of network equipment security issues time and time again needs to attract sufficient attention from the industry.

Since the end of 2019, police across China have cracked and announced a number of cases of illegally controlling home cameras, which has effectively cracked down the entire black industry chain. However, it is not easy to completely block the black hole of the privacy leak of smart cameras, which requires industry supervision. , Enterprises and consumers.

However, cybersecurity experts have repeatedly reminded consumers that no one dares to make a 100% guarantee on security issues. The user's intention is the most important cause of privacy leaks. Only by strengthening self-protection can we avoid conjecture.

IoT security protection capabilities need to be improved

Invasions from hackers or hackers over and over again are like background noise and have become a major feature of the Internet world. With the advent of the Internet of Everything, everyone and everything cannot be separated from the network, and security issues have spread from private space to the whole. Physical world.

Zhixiang Technology co-founder and Vice President of Products Wu Haisang introduced that the 2016 “U.S. Internet outage” and “German Outage” incidents set a precedent for IoT devices being used on a large scale to attack the network. Later, as small as cameras, Pacemakers, as large as the national power grid and nuclear power plants, have become targets of hackers.

In 2016, hackers manipulated more than a million IoT device vulnerabilities to attack other network devices, which once paralyzed the Internet on the entire East Coast of the United States, and Dyn, a technology company, directly lost more than $ 110 million. From baby monitors to home security cameras, many home smart devices have been mobilized by hackers to participate in this IoT botnet attack.

At present, most attacks over 300Gbps involve a large number of web cameras and home wireless routers, which directly shows that these devices have weak security protection.

According to data from the National Information Security Vulnerability Sharing Platform (CNVD), 80% of IoT devices are at risk of privacy leakage or abuse, 80% of devices use weak passwords, 70% of devices ’network communications are not encrypted, and 60% of devices’ web interfaces Vulnerabilities exist and software updates for 60% of devices are not encrypted.

"The security protection capability of the entire IoT chain needs to be improved, and the entire life cycle of IoT products needs to be protected." Qi Xiangdong, chairman of the Qi Anxin Group, emphasized that security capabilities should be generalized in every aspect of the IoT, but compared to Low energy in equipment and technology, the lack of security awareness is the most lethal, and the "human element" is the most important.

"China has the world's largest amount of economic losses due to cyber attacks, but China's cyber security investment accounts for far less than the global average, and cyber security development and informationization are seriously mismatched." President Wu Yunkun said, "In the" twenty years of fragmented development "of China's cyber security market, security lags behind informatization construction, catching loopholes and applying patches. It is difficult to support the" new infrastructure "security requirements. The system engineering method combines the concept of endogenous safety to form a so-called construction framework. "(Reporter Liu Yan)