Yokohama National University and BB Soft Service Corp. of SoftBank Group are investigating the impact of cyber security threats targeting IoT devices on general consumers (June 2017-December 6).The final report has been released.
In the survey, home appliances with internet connection functions, IoT devices, etc. that are generally sold in Japan were installed in the "Connected Home Test Room" assuming a general household.We observed cyber attacks against them, malware (malicious software) infections, etc., and studied how they affect the home network environment, as well as future risks and countermeasures.
According to the survey, in July 2017, access from about 7 IP addresses per day was observed, and unauthorized intrusion from about 3.1 thousand IP addresses per day was observed. In November 1.9, access from about 2017 IP addresses per day was observed, and unauthorized intrusion from about 11 IP addresses per day was observed. In November, we confirmed a significant increase in attacks.
Inside the LAN, we confirmed the situation in which the infection of existing IoT malware is prevented by isolation by router devices.However, it was confirmed that this is not the case if the intrusion into the router device, which is the key to protection, is allowed.In addition, in a simulated attack experiment in the "Connected Home Test Room", it may have a psychological effect such as fear when the influence of the attack (eg, the TV or lighting turns on or off without permission) occurs in the living environment. It was also confirmed that it was possible.
In addition, we are also investigating the protection performance of IoT security box products that protect home networks for general consumers.As a result, although it was confirmed that it was effective against existing threats such as port scanning by IoT malware and guidance to phishing sites, there were cases where malware infection could not be prevented and cases where the fact of infection could not be detected.It was also confirmed that the response to unknown attack methods such as pseudo-attacks was insufficient.
Based on the results of this survey, the research group has taken measures for general consumer IoT security: (3) strengthening the protection function of router devices and IoT devices in the home, (XNUMX) encrypting communication of IoT devices, implementing authentication functions, and developing guidelines. , ③ Propose three continuous evaluations for IoT malware countermeasures.In the future, in the advanced network society realized by IoT technology, general consumers pointed out the need to consider knowledge and measures for self-defense on the premise of the risk.
