With the internet of things (IoT) era beginning, IoT hacking cases are surging, triggering concerns about damage to users. Especially when vulnerable points are discovered, companies are busy covering them up internally only, making experts point out that it may give more damage to users.
The Korean government announced the "Home Appliance IoT Security Guide" to lead developers to secure security from design stages in July, following the "Common IoT Security Guide" issued in September of last year but they are not compulsory. This is because there is no way to oblige companies to adopt them when they do not so due to rising costs among others.
According to the Korea Smart Home Industry Association, the Korean smart home market is expected to reach 23 trillion won in 2019 from 12.5 trillion won of last year. The home IoT is a platform for gathering and exchanging information by connecting mobile devices and home appliances by way of the internet and telecommunications. The home IoT comes in handy as it enables people to control home appliances at home using a smart device from the outside. But there is a risk that privacy will be exposed if security is porous.
It is pointed out that as IoT security standards are not yet available globally, there is a risk of being hacked due to a lack of security investment by manufacturers.
In fact, Checkpoint, a security company, recently found a security loophole in LG's home hub IoT device Smart ThinQ (AI speaker). It was found that hackers became able to remotely log in and steal user accounts and control vacuum cleaners and built-in video cameras by taking advantage of the vulnerabilities of Smart ThinQ Mobile and Cloud Applications. Among millions of people using LG's home appliances, those who have not updated their LG products with the latest patches are still at risk. After recognizing the problem in September, LG Electronics completed its action to cope with the security vulnerabilities.
This issue does not cut across LG Electronics only. According to secret documents of the US government released by WikiLeaks, the Central Intelligence Agency (CIA) of the United States planted malicious codes in Samsung's smart TVs by using their security vulnerabilities and remotely controlled them to eavesdrop on ordinary people. In April, an Israeli security company named "Equus Software" revealed 40 zero-day attack (unknown malware) vulnerabilities in the Tizen Operating System loaded into Samsung smartphones and smart TVs. Samsung Electronics is planning to load its home appliances smart functions such as the IoT and AI by 2020.
"Most IoT devices enforce users to update new patches. Thus, the only way to combat hacking is for users to update their IoT devices themselves with patches on a regular basis," said Kim Deok-su, managing director of Penta Security. "As shown in recent cases, hackers are looking for vulnerabilities in cloud environments that connect to the IoT rather than the vulnerabilities of respective devices. Manufacturers need to take care of all three elements -- application, devices, and cloud services. Large manufacturers have teams to pay attention to them. It is necessary to have an organization to check all of the three elements."
In particular, the number of hackers’ targets has increased as lately carriers such as SKT and KT and Naver and Kakao have launched their AI speakers one after another. The European Consumer Organization BEUC warned in a report last month that children's smart watches were vulnerable to hacking so they can be controlled by hackers and children’s position can be tracked via the GPS.