The New York Times wrote that the proponents of the Internet of Things believe that it has many benefits, such as energy saving, high-tech to anticipate your ideas, and even reduce road congestion, but it has some risks that cannot be prevented, many people It is not yet aware of the existence of these risks. The following is the original content:
The risk of the Internet of Things is that some wirelessly connected devices are located in the same place, which is irresistible to hackers. Hackers can spread malicious code in the air, just like the flu virus on the plane.
In a report released on Thursday, researchers said they found a flaw in wireless technology that is often used in smart home devices such as lights, switches, locks, thermostats, and more.
Researchers at the Weizmann InsTItute of Science near Tel Aviv and Dalhousie University in Canada experimented with Philips' Hue smart bulbs and found that this wireless defect could be used by hackers to control light bulbs.
This sounds like a small problem. But imagine that if there are thousands of connected devices that are close together, what would happen would be that a hacker-created malware could spread like a plague if it infects one of the devices.
Hard-to-attack attackHackers can infect them without having to access them directly: Researchers driving 229 feet (about 70 meters) from a building are enough to infect the network inside the building with malware.
Just two weeks ago, hackers launched a denial of access attack, hitting the servers of New Hampshire's Dyn and interrupting the DNS services they provided.
Security experts say they believe the hacker created a botnet by controlling a series of connected devices and then used it to launch the attack. However, these hackers did not use the methods mentioned in this report on Thursday. A Chinese wireless camera manufacturer said that the password of some of its products is too weak, which is one of the reasons for the success of this attack.
This is not the first time a hacker has used the Internet of Things to launch an attack. However, the scale of this attack is also a warning to those who are not aware of the risks of everyday connected devices.
"Even the best Internet defense technology can't stop such attacks," said highly respected cryptographer Adi Shamir. He is one of the authors of this report.
Risk of helminth infectionThis new risk is related to the radio protocol ZigBee. Born in the 1990s, ZigBee is a wireless standard widely used in home consumer devices. Although it should be safe to say that it is safe, it is not.
Researchers have found that ZigBee can be used to create computer worms that spread malware between networked devices.
Computer worms can be continually copied from one device to another, and attention has been reduced in recent years, but it has been a threat in the early days of the commercial Internet. In 1988, a worm was estimated to be infected with one-tenth of all networked computers.
Now, the number of connected devices has increased to several billions, and the risk of worm infections has increased dramatically.
So what can hackers do with these infected devices? These devices can be used to form a botnet to launch attacks similar to those for Dyn. They can also be used as springboards to steal information, or just to spam.
They can also set the LEDs to stroboscopic mode to trigger epileptic seizures or simply feel uncomfortable. This may sound a bit far-fetched, but researchers have confirmed this possibility.
Carry out a mock attackThe color and brightness of the Philips Hue Smart Light Bulb can be adjusted from a computer or smartphone. Researchers say that if you infect a light bulb, you can infect a large number of nearby bulbs in a matter of minutes. The worm can spread malware to each light bulb—even if they are not in the same private network.
When creating the infection model, they simulated the distribution of light in about 40 square miles of Paris, and found that there were only 15,000 connected devices distributed, and malware could infect the entire area.
The researchers said they have notified Philips about this. The company asked researchers to publish the paper after they fixed the vulnerability. The vulnerability was fixed in a patch released last month by Philips, and customers are advised to install patches through the smartphone app. However, the significance of this issue is still significant.
"The root of our assessment, this problem has less impact on security, because this is a kind of specialized hardware, the software is not open, and in theory to carry out this kind of attack, the distance between these Philips bulbs is very close." Philips Spokesman Beth Brenner said in an e-mailed statement.
Researchers say they need to overcome two separate technical challenges in order to launch a simulated attack. The first is to discover a "significant error" in the wireless communication system that can "cash out" the installed lights from the existing network.
The researchers then used the "side channel" attack to steal the keys that Philips used to verify the new software.
The researchers wrote: "We use devices that are easy to get and cost us just a few hundred dollars to find this key. This again shows that even some big companies use standard encryption technology to protect their fist products. It is very difficult for them to protect security." (Compile / Cloud Open)
Plastic Bluetooth Charger,Mobile Charger Wireless,Suction Cup Wireless Power Bank,Suction Power Bank
Shenzhen Konchang Electronic Technology Co.,Ltd , https://www.konchang.com