While the Internet of Things (IoT) era of home objects is opening, the hacking that is aimed at this is surging, and the user is concerned about the damage. Especially when vulnerability is discovered, companies are hiding it only internally, and it is pointed out that user damage can be more serious.

The Korean government announced the "Home Internet Appliance IoT Security Guide" to secure security from the design stage last July, following the "Common Internet Information Security (IoT) Security Guide" issued last September, but it is not compulsory. This is because there is no way to prevent companies not adopting them for reasons such as rising costs.

According to the Korea Smart Home Industry Association, the domestic smart home market is expected to reach KRW 23 trillion in 2019 from KRW 12.5 trillion last year. Home IoT is a platform for gathering and exchanging information by connecting mobile devices and home appliances to the Internet and communication. It is convenient to control and control home appliances at home using a smart device outside the home, but there is a risk that personal privacy will be exposed if security is poor.

It is pointed out that IoT security standards are not yet available globally, and there is a risk of hacking due to lack of security investment by manufacturers.

Checkpoint, a real security company, recently found security vulnerability in LG`s home hub IoT device `SmartSync` (AI speaker). Hackers have been able to take advantage of the vulnerabilities of smart-think mobile apps and cloud applications to remotely log in and steal user accounts to control vacuum cleaners and embedded video cameras. Among the millions of people using LG`s home appliances, those who will not update the latest patches are still at risk. After recognizing the problem in September, LG Electronics finalized the security vulnerability.

It is not only LG Electronics. WikiLeaks revealed in a March government document that the CIA (United States Central Intelligence Agency) used the vulnerability of Samsung`s smart TVs to plant malicious code and remotely manipulate it to intercept people. In April, an Israeli security company named "Equus Software" revealed 40 Zero Day (unknown malware) vulnerabilities in the operating system used by Samsung smartphones and smart TVs. Samsung Electronics plans to install smart functions such as IoT and AI in its home appliances by 2020.

"Most of the IoT devices are user-responsible for allowing users to update their patches," said Kim Deok-su, managing director of Penta Security. "As you can see in recent cases, "We are looking for vulnerabilities in cloud environments that connect to IoT rather than vulnerabilities," he said. Manufacturers need to take care of all three elements: application, device, and cloud. Kim said, "Large manufacturers have a large number of organizations, and they need to have an organization capable of checking all three factors."

Especially, the number of attack targets has increased, as carriers such as SKT, KT, Naver, and Kakao have recently launched AI speakers. BEUC, the European Union consumer group, warned in a report last month that children`s smart watches are vulnerable to hacking, which could lead to hacker control and GPS tracking.

Kim Do-won, the head of the KISA Vulnerability Analysis Team, said, "Companies should strictly follow the security guideline and have to produce products with care from security such as secure coding from the development stage. "We are reluctant to disclose this information, and even if we disclose it, we minimize it, and most of the patches do not know the reason, but we need to change our attitude to actively disclose it."

By Lee Gyung Tak kt87@


[ copyright ⓒ The Digitaltimes ]