The editors at CE Pro have made a conscious effort to increase our coverage of smart home cybersecurity issues and IoT device vulnerabilities, and for good reason. Increasing the amount of devices connected to the internet creates even more potential vulnerabilities for hackers to exploit for nefarious purposes, as evidenced by this alarming story out of South Korea.
According to cybersecurity firm Bitdefender, a Korean hacker has been sentenced to four years in prison for accessing and distributing private videos from vulnerable wallpad cameras in over 400,000 homes.
The hacker remotely accessed 638 apartment complexes in South Korea and exploited ore than 400,000 devices used by residents to operate their video security systems and other functions.
Like how other cybercriminals sell access to an organization’s IT infrastructure, the hacker requested 0.1 Bitcoin for video footage from one single day inside one home. A list of apartments claimed to be hacked was shared online, along with videos of people inside their homes. Some of it even included intimate sexual scenes, Bitdefender reports.
The hacker attempted to hide his identity by using overseas servers to communicate with buyers of the sexually explicit footage. South Korean authorities arrested the suspect at the end of 2022 and seized computers that contained 213 videos and 400,000 photos that were illegally obtained.
Lightapalooza took place in late February, and the growth of the event has mirrored the rapid ascension lighting fixtures and controls.
In a twist of irony, the man accused of hacking gave an interview in February 2019 in which he demonstrated the ease with which he can hack into wallpads, going so far as to describe wallpads as something that “middle schoolers with basic knowledge of computers can easily hack.”
At trial, the hacker claimed that his actions were to publicize the security vulnerabilities of the wallpads. Legitimate ethical hackers and security researchers typically inform the impacted manufacturer of the vulnerabilities, but the action of viewing sexually explicit footage and selling it obviously crosses a line.
The report did not give the identity of the manufacturer of the wallpads or how the hacker was able to access them, but any device with unpatched vulnerabilities can be a target used for further malicious activity.
Several governments have begun taking action on smart home cybersecurity issues. The U.S. government will soon begin a voluntary cybersecurity labeling program for consumer IoT devices, and the U.K. will begin banning bad default passwords in IoT devices. Private organizations such as the Connectivity Standards Alliance (CSA) have also announced their own consolidated IoT security specification meant to simplify device compliance across multiple countries’ standards.
The post 2024 Lighting Controls and Fixtures Report appeared first on CEPRO.