Unknown origin IoT equipment possessing high security risks

Evaluations from the Authority of Information Security under the Ministry of Information and Communications show that at the moment, there are many unidentified origin Internet of Things (IoT) devices which cannot ensure the information safety, 70 percent of those have a very high potential of being attacked.
Unknown origin IoT equipment possessing high security risks

In the recent conference and international exhibition on smart IoT equipment in Ho Chi Minh City, Mr. Nguyen Huu Dung, Deputy Director of the Authority of Information Security stated that such devices like Internet Protocol cameras, routers, network printers, and Voice over Internet Protocol equipment have the largest number of cyber security weaknesses in Vietnam at present.

Particularly, 316,712 monitor cameras currently in use in Vietnam have such weaknesses that are extremely sensitive to cyber attacks. The three camera producers whose cameras have the most weaknesses are Hikvision, Dahua, Avtech with over 210,000 devices, nearly 50,000 devices, and around 20,000 devices, respectively.

What is more, the five provinces and cities where installed cameras possess the highest number of security weaknesses are Hanoi, Ho Chi Minh City, Hai Phong City, Da Nang City, and Thai Nguyen Province with nearly 60,000 devices, almost 48,000 devices, virtually 7,000 devices, more than 4,500 devices, and over 2,700 devices correspondingly.

There are two basic security issues in IoT equipment. Firstly, the safety of the devices themselves when being released depends on completely on producers. It is very easy for unknown origin products to be illegally installed with backdoor software, a module to collect personal data of users. Secondly, users of those pieces of equipment set weak passwords or configurations, leading to the fact that hackers can attack these devices to illegally install malware without much trouble.

One subordinate reasons is the information security ability of producers themselves are still so low that they cannot update their own equipment with proper patches. The low awareness of users also contributes to some extent to this high risk.

Until the end of 2017, there were around 7,000 pieces of malware being successfully installed into IoT hardware alone, especially when taking advantage of distributed denial-of-service (DDOS) attacks, since the update patches for these devices are quite slowly released.

Experts, therefore, have suggested that Vietnam should form a national monitoring system to timely recognize any cyber attacks on IoT equipment in order to quickly nullify them. Technical standards and a list of common qualified IoT equipment must be published for any interested organizations and individuals to use.

IoT equipment buyers must carefully choose their IoT merchandise, especially those important ones like Wi-Fi routers, monitor cameras, smart lockers. They should perform detailed research on any brands before purchasing products and consider related comments seriously while finding information on update capacity of producers.

While using products, consumers should continuously observe their hardware and timely install any update patch released by producers. Monitor cameras are also recommended not to be set up in private space to avoid any unfortunate incidents.

Other news