Recently, a number of users have reported that after installing smart cameras at home, their personal information and pictures of their interiors were leaked, and they suspect the cameras and their companion software are responsible. Yesterday afternoon, a professional engineer gave reporters a live demonstration of the whole process of obtaining smart home camera users' information and real-time pictures, confirming that cameras of individual brands may leak. It is understood that, according to the relevant test results, nearly eighty percent of the smart home camera products currently on the market have security flaws.

□ Case

A photo of the living room is posted online

Ms. Zhang lives in Haidian. She and her husband both work during the day, leaving their two-and-a-half-year-old son at home, so they hired a full-time nanny to look after him. To keep track of their son at home in real time, at the end of March this year the couple bought a set of remote monitoring cameras from a well-known brand through a website and installed them in several places, including the living room, bedroom and kitchen.

However, in mid-April this year, while browsing a small home website, Ms. Zhang happened to find a photo of her own living room posted on a page. Ms. Zhang said that she and her family had never invited or allowed anyone from any site to take pictures in their home. “The picture was taken from the angle of the spot where the camera is mounted, and its quality and color are exactly the same as the real-time picture in the mobile app.”

Ms. Zhang then contacted the site, which soon deleted the photo. “The other side said the pictures were not taken by them but downloaded from the Internet. When I kept asking about the source, they refused to answer.”

Ms. Zhang said that her son and the nanny do not appear in the picture. “It should be said that this was not a particularly serious privacy leak, but the risk is too terrible. If it had been a picture of the bedroom that leaked, the consequences could be disastrous.”

“We suspect it has to do with the cameras installed at home.” In desperation, Ms. Zhang had no choice but to take down all the cameras and uninstall the app from her phone.

□ Experiment

Cracking code steals the picture in real time

In response to the frequent leaks from home smart cameras, a laboratory ran security assessment tests on nearly a hundred brands of household cameras on the domestic market. It found that many brands of cameras on the market have security flaws such as disclosure of user information and unencrypted data transmission, and that some even allow a user's camera feed and recorded video to be viewed directly in real time without the user's knowledge.

Yesterday afternoon, Mr. Wang, a security researcher at the laboratory, demonstrated to reporters the whole process of using software vulnerabilities to obtain the real-time camera images of users who had bound their phones. Reporters saw that the only tools Wang used were a computer already connected to the network, a cell phone and a piece of self-written code.

Before the demonstration began, Wang downloaded a certain brand's household camera app to the phone and registered an account, but did not bind any camera. At this point the camera list page in the app was empty.

Wang then entered the account and password he had just registered into software on the computer and ran the code he had written. As the code ran, previews of multiple camera feeds immediately appeared on the app page on the phone, and their number gradually increased over time. He opened one of them at random. After a brief loading period, the remotely transmitted camera image began to play, with clarity high enough that even the picture on the television in the user's home could be made out. In addition, while the script was running, the mobile phone numbers that a large number of users had registered with were displayed together on the screen.

Wang said that the different scenes in the videos make it clear that these pictures are not limited to cameras installed by one particular user. “If they wanted to, (people with ulterior motives) could pull out all the information of every registered user of this app, and then use a single user's mobile phone number to single out a specific user,” and so carry out highly targeted theft against individual users. And with just a click on the record button in the phone app, the stolen picture can easily be saved.

As for the code used as the tool, Wang said that anyone with some programming knowledge and experience could write it, and that there is no particularly high technical threshold. “For now, there are still a lot of people who are able to write this code.”

□ Conclusion

Eighty percent of home cameras have security vulnerabilities

In a document titled “camera horizontal test table,” the reporter saw that the technical staff had tested many brands of cameras currently on the market in three major categories, “mobile control terminal,” “cloud application security” and “terminal equipment security,” comprising more than 30 sub-items. According to the results, the brands covered all have security problems to a greater or lesser degree.

Security researcher Wang told reporters that, judging from the test results, the problems behind leaked camera video are currently concentrated in two areas: vulnerabilities in the mobile app software and logic vulnerabilities in the cloud software. “Other problems that could allow information disclosure exist, but by comparison they are fewer in number.”

After running security assessment tests on nearly a hundred brands of household smart cameras on the domestic market, Wang's laboratory found that eighty percent of the products have security flaws such as user information disclosure, unencrypted data transmission, apps without security hardening, flawed code logic, hardware debugging interfaces, and lateral control.

According to security engineer Liu Jianhao, these security flaws mean that a network-connected camera can easily be controlled by criminals, who can access its images and audio at any time and can even webcast from the homes or businesses that installed the cameras for monitoring.

Liu Jianhao explained that, in theory, viewing a camera's content remotely by phone requires registration and even a “one-to-one” binding. However, when the cameras of individual brands connect with a phone, the phone's identity is not verified, which is a very serious vulnerability. Using this vulnerability, hackers can view the live video of hundreds of cameras through a virtual binding. At least dozens of cameras have this vulnerability, including some from well-known brands.
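The missing check Liu describes, sketched as an added example that is not code from the article or from any vendor: a stream request handler that trusts any logged-in account, next to one that confirms the requesting account is the one bound to the camera and records denials so that enumeration becomes visible. All account names, device IDs and the URL are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample data: which account legitimately bound which camera.
BINDINGS = {"cam-001": "alice", "cam-002": "bob", "cam-003": "carol"}
MEDIA_BASE = "rtsp://media.example.invalid"  # placeholder host


def stream_url_vulnerable(account, device_id):
    """Flawed logic: any logged-in account gets any camera that exists."""
    if device_id in BINDINGS:
        return f"{MEDIA_BASE}/{device_id}"
    return None


def stream_url_hardened(account, device_id, audit_log):
    """Issue a stream URL only to the account bound to this device."""
    owner = BINDINGS.get(device_id)
    allowed = owner is not None and owner == account
    # Record every decision so repeated denials can be reviewed later.
    audit_log.append((account, device_id, allowed))
    if not allowed:
        # Same answer for "no such device" and "not your device",
        # so the response does not confirm which IDs exist.
        return None
    return f"{MEDIA_BASE}/{device_id}"


def accounts_probing(audit_log, threshold=2):
    """Flag accounts denied on at least `threshold` distinct devices."""
    denied = defaultdict(set)
    for account, device_id, allowed in audit_log:
        if not allowed:
            denied[account].add(device_id)
    return sorted(a for a, devs in denied.items() if len(devs) >= threshold)


if __name__ == "__main__":
    log = []
    print(stream_url_vulnerable("mallory", "cam-001"))     # URL is handed out
    print(stream_url_hardened("mallory", "cam-001", log))  # None
    print(stream_url_hardened("mallory", "cam-002", log))  # None
    print(stream_url_hardened("alice", "cam-001", log))    # owner gets URL
    print(accounts_probing(log))                           # ['mallory']
```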

□ Recommendation

Authorities should establish security standards for cameras

On the question of how to keep a home smart camera from leaking personal privacy, software security engineers remind users of the following. First, before buying a camera, do some research on the chosen brand. You can look up posts or reports about the target brand on the Internet; “the purpose is to find a brand with a good reputation and the right price.”

Second, when using the camera, be sure to set a strong password and pay prompt attention to reminders from the camera software. If you find a text message with a verification code requesting a phone binding, you should change the password immediately.

Third, log in and check the camera view frequently. If you find that the actual shooting angle has changed from the angle at installation, you need to consider whether your account is safe. At the same time, pay attention to the security announcements of the camera's brand. If a vulnerability is found, stop using the device and wait for the manufacturer's update, and make sure the camera is running the latest software version.

The security engineers also made suggestions for the home smart camera industry. First, the authorities urgently need to establish a set of information security standards for smart cameras. Second, smart hardware developers are advised to build their own operations platforms in order to protect consumer data security and to detect and block hacker attacks. Finally, an effective emergency response plan needs to be developed, so that when a security vulnerability appears, the response is quick and the loss to users is minimized.

□ Statement

Peeping by technical means is an illegal invasion of privacy

Regarding the frequent incidents of home smart cameras disclosing personal privacy, lawyer Jiang Jian of Beijing Xiong Zhi said that a person's home is a private living space, and the individual has the right to decide according to their own wishes whether to make it public or not, which is the right to privacy. If someone uses information technology to remotely control a camera installed in another person's room and, without the rights holder's consent, obtains views of the living conditions inside that person's residence, then although the means are novel, the essence is still peeping, which violates the privacy of others.

According to the relevant provisions of the Security Administration Punishment Law, anyone who peeps at, secretly photographs, wiretaps or spreads the privacy of others is subject to detention of five days or less or a fine of 500 yuan; where the circumstances are serious, to detention of between 5 and 10 days, and a fine of 500 yuan may also be imposed. If private photos obtained by peeping are uploaded to an online platform or sold for profit, a criminal offense is suspected. In addition, the infringed party is entitled to claim civil liability from the infringer.


