In recent years, to join and the requirement that run remotely as the user violent wind rises, content couplet net (IoT) shows explosive type growth, this drove intelligence to live in the development of the market again conversely, it is easier to make live in a system use and manage. From the road by implement, electrical outlet of TV, sound box, lamp, power source, main electric equipment, heating and cooling system, door lock, safety is photographed join now like all things such as head, sensor Internet, but safe expert expresses, the great majority in facility of these new content couplet net did not get administrative, security is very poor also, this makes intelligent household easy be atttacked.

Accordingly, a lot of IT and personage of network safety major call content couplet network " minatory Internet " , the safe flaw that because a lot of is based on,the intelligence of content couplet net lives in a product to be put in solid to have.

The Mark Houpt of official of presiding information safety of DataBank represents business of data center operation: "What we pay close attention to truly is the equipment that those do not get government normally in setting of content couplet net, those equipment may be atttacked by the hacker, be used, as rebound equipment or use as robot, in order to atttack other thing, appear with faceless form. In other words, equipment of network of use content couplet serves as the representative of occurrent actual charge. Equipment of network of use content couplet serves as the representative of occurrent actual charge..

Why is content couplet net insecure?

A lot of equipment, be like notebook computer, smartphone and other end points, provided Windows, Google or Mac platform, because this provided all sorts of safe settings that can change, in order to make these facilities more safe. The account that network criminal wants to visit these facility is completely reasonable, IT and safe industry are adjusting the menace that is absent with answering these nowhere ceaselessly. However, equipment of content couplet network is other one thing however, because its are added in the network, and security is consideration of after the event.

Houpt expresses, equipment of a lot of content couplet network are insecure substantially, the reason has two: Be ignored and lack the port that adds safety and aggrandizement measure.

"On microwave oven, freezer, TV, we are opened without too much choice or be shut or hit the setting with commencement safer facilities. Because cannot be added on TV or freezer,prevent virus software. Because cannot be added on TV or freezer,prevent virus software..

By nature, the user relies on the content that manufacturer adds in its code completely now.

American network safety and infrastructure security bureau (CISA) expresses to agree to this, those who call content couplet the net is increasingly outstanding aggravate is foregone the consequence of network venture, bring new venture.

This orgnaization expresses: "Aggressor uses this kind of dimensions to affect a large number of facility, make its can visit the data on these equipment, perhaps regard corpse as the one part of the network, stem from baleful purpose to atttack other computer or equipment. Stem from baleful purpose to atttack other computer or equipment..

How to use equipment of content couplet network to undertake the network is atttacked

The near future has a few case that accord with Houpt description: Use equipment of content couplet network to transmit the hacker activity of baleful software, include an activity that Palo Alto Networks discovers among them, this activity carries equipment of a series of content couplet network (include the residence and commercial facility) road of network of transmission Mirai corpse by implement, receive a point, photograph wait like system of control of head, visit.

According to the definition of Cloudflare, mirai corpse network is a kind of baleful software substantially, aim to affect the intelligent facility that runs on ARC processor, the purpose is these equipment change is network of long-range control robot.

Palo Alto Networks expresses, below this kind of circumstance, the hacker is capable to use its to carry out other charge through exploiting loophole, include distributed decline a service (DDoS) attack, control the equipment that gets infection completely thereby.

Mirai baleful software begins from 2016 at least active, and exploit the loophole of equipment of network of couplet of intelligent household content all the time, because be compared with company system photograph, the security of equipment of network of couplet of intelligent household content is opposite weaker.

Microsoft is in its " digital defence reported 2022 " in spoke of the content couplet net that increases increasingly minatory risk, because safety of the buy inside lack is controlled,express, menace of content couplet net is becoming a hacker love most.

According to the report of Microsoft, since June 2021, increase steadily in the light of the attack that manages facility remotely, be aimed at content couplet net and operation technology (the network of OT) equipment is atttacked decrease basically in going one year somewhat, appeared in September 2021 considerably violent wind rises.

Microsoft expresses, in a year of in the past, its observe in the light of agreement of net of common thing couplet (like Telnet) attack drops significantly, 60% is as high as below certain circumstance. Meanwhile, corpse network is used afresh by network crime group and nation-state doer. The report says, like Mirai the abidance of such baleful software exists, those who highlighted these attack is modular the adaptability with existing menace.

Microsoft is special mentioned Mirai, this industry expresses, mirai course is redesigned for many times, in order to get used to different framework, had developed to be able to affect equipment of all sorts of content couplet network, include Internet agreement to photograph like videocorder of head, safe camera, number and road by implement.

Next, what aggressor can use transverse and mobile technology to visit a network to go up is other the equipment that suffers attack easily. Normally, this is from brim road by implement those who begin, next the other equipment that aggressor seeks transverse shift to go up to same network.

Palo Alto Networks of no less than points out in that way, aggressor can carry out a series of other activities in equipment of content couplet network, include to add secret data to be occupied in order to get ransom, cleared number, use this equipment to undertake close money is dug adding, just perhaps block equipment makes his useless.

Another example is, microsoft expresses last month, a total position organizes the infrastructure that atttacking a key all the time at Chinese hacker, the method is to pass the small-sized office that is inbreaked and representative of equipment of domestic office network its network discharge, so that oneself are not discovered.

Microsoft researcher expresses: "Microsoft has affirmed, a lot of equipment, include the equipment that ASUS, Cisco, D-Link, NETGEAR and Zyxel make, allow an user to make public HTTP or SSH management interface to Internet. Allow an user to make public HTTP or SSH management interface to Internet..

In another bulletin of American state security bureau, officials knew equipment kind more specificly, listed ASUS, CiscoRV, Draytek Vigor, FatPipe IPVPN/MPVPN/WARP, Fortinet Fortigate, Netgear Prosafe and Zyxel USG equipment.

In fact, a series of intelligence live in a product to be put in safe flaw, include TV, safe system, photograph wait like system of head, control. Business of compositive business, agency, construction and house-owner can be in MITRE flaw database the safe flaw that searchs specific product or supplier.

Houpt expresses, although house-owner may not be of this kind of attack,expect an end, but these hacker methods can bring about a large number of discharge to carry residential network really, and speed can become slow. However, manufacturer of equipment of content couplet network (especially intelligence lives in equipment) begin to realize this one risk, established special safe safeguard.

How to protect the security of intelligent household and equipment of content couplet network

According to Houpt and the information that come from orgnaization of many United States, it is a few proposals that manager of compositive business, construction business, property and house-owner should accept below, avoid in order to protect equipment of intelligent home house and network suffer these safe menace:

Section network. It is guest and other equipment to provide separate Wi-Fi network like company office same, intelligent household also should follow similar practice, especially to long-range staff member character. Say according to Hoopt, this can be finished through VLAN, join simply perhaps through using separate network and road by implement will realize domestic entertainment and job. This conduces to prevent aggressor to live in equipment from intelligence transverse shift reachs an industry equipment, vice versa.

Safe Wi-Fi network. Below probable condition, CISA suggests to change Wi-Fi way by implement with the acquiescent password in other equipment and user name. Entry road by implement the interface that go up still can offer additional safe option.

Strengthen applied safety to install. Below certain circumstance, equipment of content couplet network uses support by shift, accordingly these also should be updated regularly. In addition, CISA suggests the user checks applied attributive, use " the least limits of authority is regular " delete the application that needs no longer.

Newer. When the flaw in discovering equipment or firmware, manufacturer connects regular meeting rehabilitate and release repair of these safe blemish newer. These measure should be carried out as soon as possible, in order to prevent compromise.

Enable multiple identity test and verify (MFA) . In the service that logins in any need or applied process, if can choose MFA, should enable. This provides requirement user the other information beyond the password, in order to grant its the limits of authority of visit application or service.