Foreign Media: cameras, routers, printers, and other hacking tool-IT information
Foreign media said today, as the saying goes "the nest, eggs" in the face of large-scale cyber attacks, both tech giants like Facebook, is one of many technology startups, are not alone in this crisis, how to make smart devices safer, has become a common task in front of them.
Following is the full text of the article:
New round of network attack full use of cameras, video recorders, printers, wireless routers, and wireless audio and other everyday electronic equipment, which also sounded the alarm for people, make them aware of the potential dangers of the Internet. However, device manufacturers face a common problem is that their general lack of understanding of network security knowledge to deal with hacker attacks that they were not familiar with the task.
Network security challenges facing
Below we rise technology (AV Tech), for example, that technology companies face this challenge. Shinestar technology is a well-known camera manufacturers, in the 1990 of the 20th century was founded in suburban Taipei. It was on the 2008 Forbes list of firms with great potential but due to fierce competition with mainland manufacturers, the company's profit before one-tenth.
And, like their counterparts, rising technology product development focus has been on the line, and store video camera digital video recorder is connected to the Internet, so that users can remote access. However, these companies did not know much about digital security and smart devices are more vulnerable to hacker attacks.
Internet security company Covata CEO telunte·teerfude (Trent Telford), said: "a cruel reality is that network security is not even brought to the attention of many manufacturers. Manufacturers will eventually pay more attention to network security, but for the current generation of Internet users, it may be too late. ”
Insiders predicted that by 2020 there will be up to 30 billion devices connected to the Internet, all these devices are prone to hacker attacks. A few days ago, hundreds of thousands of consumer electronics devices to become the so-called "botnet" one destination site, including PayPal, Spotify, Twitter attack, the attacks highlighted the security risks of Internet equipment.
Network security experts say this is only a start. They later discovered that the new version of the malicious software, in order to find vulnerabilities and infections of the equipment. According to the Internet security consultant IOActive security experts dannier·misile (Daniel Miessler) introduces network zombies can also be used in ad fraud activities.
Mass DDoS attacks
Network security consultancy Flashpoint said during last month's massive Web attack using botnets, part of this week have also been used in the United States two presidential candidates campaign websites launched a distributed denial of service (DDoS) attacks, although the two sites is not the attack paralysed.
Despite the security researchers are not found in a botnet or technology equipment, but they have pointed out that some problems or technology equipment, which made it vulnerable to attack.
Hungary security company Search-Lab gegeli·aibohate (Gergely Eberhardt), said in a blog post, he repeatedly reminded in one year rising tech note 14 security vulnerabilities in its products, but the other party has not responded, he last month released its own findings. This is confirmed by the company where Stephan Eberharter.
In addition, other news of DDoS attacks also give the Taiwan companies sounded the alarm. Shinestar Special Assistant to the President's Office of science and technology dike·Li (Dick Lee) says: "to be honest, hacker attacks as well as how to detect such attacks before, not rising technology issues of concern. This has greatly improved our internal alert levels. These are surveillance equipment manufacturers have to seriously question. ”
Hardware device manufacturers are taking this issue seriously, though sometimes also reluctant. Male, Hangzhou, China camera manufacturers recently recalled thousands of pieces of equipment, because researchers have found that these devices be Twitter and other Web sites paralyzed part of the botnet, Hangzhou male, but said it would take legal action against people who denigrate the company.
Development of Internet technologies
The chip maker Qualcomm said, the company is developing will increase networking devices security technologies, such as intelligent machines based on the new technologies. Paul Jacobs, Chairman of Qualcomm Executive (Paul Jacobs) in Taipei on Monday to attend a science and technology activities in activity gap told Reuters in an interview, he said: "we can give important elements of hardware integration remains to be seen: the device is engaged in something it shouldn't do? Equipment should not have dialogue with it things interact? Device is accessing memory in different ways? IOT must be upgraded to ensure that users of equipment in a safe, which is very important. ”。
Laifeidi said the company produces sensors, help share fitness treadmill user data, if the company develops software, encrypted data in an appropriate manner, the device would be put off for three-month delivery. A lower cost is to hide this data, makes it harder for hackers to crack.
Completely changed concept
Industry organization is in this backdrop, focused solely on security issues. Laifeidi IoTSec Australia this year created specifically for entrepreneurs to provide security services, headquartered in the United Kingdom's Internet Safety Foundation (IoT Security Foundation) members include ARM, Huawei, Philips and other companies.
Internet Safety Foundation founder John Moore (John Moor), said the Foundation's main objective is to simplify the Internet safety guidelines, where engineers really read this material. Internet Safety Foundation is about to publish first manual on best practice, pages 300 to 400 pages of industry documents to one only 30 pages of paper.
Moore noted that "more than just technical challenges facing these companies. They can integrate several security features, but they established the procedures? Whether they are doing the right thing? ”
外媒:摄像头、路由器、打印机等将成黑客攻击利器 - IT资讯
国外媒体今天撰文指出,俗话说“覆巢之下,安有完卵”,在大规模网络攻击面前,无论是Facebook这样的科技巨头,还是众多科技创业公司,都无法在这场危机中独善其身,如何让智能设备变得更安全,已成为摆在他们面前的共同课题。
以下为文章全文:
新一轮网络攻击充分利用摄像头、录像机、打印机、无线路由器和无线音响等日常电子设备,这种攻击特点也给人们敲响了警钟,让他们意识到物联网的潜在危险。尽管如此,设备厂商面临的共同问题是,他们普遍对网络安全知识缺乏了解,无法应对黑客攻击这种他们并不熟悉的任务。
面临网络安全挑战
下面我们就以升泰科技(AV Tech)为例,说明科技公司所面临的这种挑战。升泰科技是一家知名监控摄像头厂商,20世纪90年代创建于台北市郊。它曾经登上2008年福布斯极具潜力的公司榜单,但由于与大陆厂商的竞争激烈,该公司的利润只有以前的十分之一。
与同行一样,升泰科技已将产品开发重点转移到线上,把摄像头与存储视频的数字视频录像机连接到互联网上,以便用户可以远程访问。但是,此类公司对数字安全的了解并不多,让智能设备更容易遭受黑客攻击。
互联网安全公司Covata CEO特伦特·特尔福德(Trent Telford)表示:“一个残酷的现实是,网络安全甚至没有引起众多厂商的注意。厂商最终会更加重视网络安全,但对于当前这一代物联网用户来说,可能为时已晚。”
业内人士预计,到2020年最多会有300亿台设备与互联网连接,所有这些设备都易于遭受黑客攻击。日前,数十万台消费电子设备成为所谓的“僵尸网络”的一员,对包括PayPal、Spotify和Twitter在内的目标网站实施攻击,这起网络攻击凸显了物联网设备的安全风险。
网络安全专家表示,这还只是一个开始。他们随后发现了新版本的恶意软件,旨在寻找和感染存在安全漏洞的设备。据互联网安全顾问公司IOActive的安全专家丹尼尔·米斯勒(Daniel Miessler)介绍,网络僵尸还可以被用在广告欺诈活动中。
遭遇大规模DDoS攻击
网络安全顾问公司Flashpoint表示,在上个月的大规模网络攻击用到的僵尸网络,有一部分在本周还被用于对美国两位总统候选人的竞选团队网站发动了分布式拒绝服务(DDoS)攻击,虽然这两家网站并未因此此攻击而陷入瘫痪。
尽管安全研究人员并未在僵尸网络中发现升泰科技的设备,但他们均指出了升泰科技设备存在的一些问题,而这些问题令其易于遭受攻击。
匈牙利安全公司Search-Lab的格格利·埃伯哈特(Gergely Eberhardt)在一篇博文中表示,他在一年时间内多次提醒升泰科技注意其产品中存在的14个安全漏洞,但对方一直没有作出回应,最终他在上个月发布了自己的研究结果。这一说法得到了埃伯哈特所在公司的证实。
除此之外,其他DDoS攻击的消息也给这家台湾公司敲响了警钟。升泰科技总裁办公室特别助理迪克·李(Dick Lee)表示:“老实说,以前黑客攻击以及如何发现这种攻击,并不是升泰科技关心的问题。这种事情已经极大地提高了我们的内部警报级别。这些都是监控设备厂商必须要认真看待的问题。”
硬件设备厂商正在认真对待这一问题,虽然有时还不太情愿。中国摄像头厂商杭州雄迈最近召回了数千台设备,原因是研究人员发现这些设备成为令Twitter和其他网站陷入瘫痪的僵尸网络的一部分,不过杭州雄迈表示将对那些诋毁该公司的人采取法律行动。
开发物联网新技术
芯片厂商高通表示,该公司正在开发可提升物联网设备安全性的新技术,比如基于机器智能的新技术。高通执行董事长保罗·雅各布(Paul Jacobs)周一在台北参加了一个科技活动,他在活动间隙接受路透社采访时表示:“我们可以给硬件整合一些仍有待观察的重要元素:设备是不是在从事它本不该做的事情?设备是不是在与它本不该对话的东西进行互动?设备是不是正以不同方式访问内存?物联网必须要确保用户可以对设备进行安全升级,这一点非常重要。”。
莱菲蒂表示,有一家公司生产传感器,帮助跑步机用户分享健身数据,如果该公司重新开发软件,以合适的方式加密数据,那么设备就会推迟三个月发货。一个成本更低的是隐藏这种数据,让黑客更难以破解。
彻底改变落后观念
众多行业组织就是在这种背景下出现的,完全专注于安全问题。莱菲蒂今年创建了IoTSec Australia,专门为创业者提供安全服务,而总部设在英国的物联网安全基金会(IoT Security Foundation)的成员则包括ARM、华为、飞利浦等公司。
物联网安全基金会创始人约翰·摩尔(John Moor)表示,该基金会的主要目标是简化物联网安全指南,让工程师真正去阅读这种材料。物联网安全基金会即将发布第一份最佳实务手册,将300页至400页的行业文件缩减为一份只有30页的文件。
摩尔指出,“这些公司面临的不仅仅只是技术上的挑战。他们可以整合一些安全功能,但他们是否建立了合适的程序呢?他们是否正在做合适的事情呢?”