'Blinded security' hacked wallpad and leaked privacy of 400,000 households

Cyber Security

A tablet device installed on the wall of an apartment living room to perform crime prevention, disaster prevention, and lighting control is usually called a 'wall pad' and helps people enjoy a convenient home life. With the advancement of technology, it has become inconvenient to not only check home visitors through wall pads, but also to control room temperature, control elevators, alarms, and call management offices.

According to a recent report by the Korean National Police Agency, a suspect was arrested for illegally hacking a camera attached to a wallpad and trying to sell some of the videos containing the private lives of about 400,000 households to be posted on overseas sites. The suspect is under investigation without detention after being arrested on December 14, 2022 for violating the Information and Communications Network Act. It is becoming more controversial as it has been revealed that the suspect was a security expert who explained the hacking of apartment central management servers and wall pads in the past.

The suspect said that from August 2021 to November of the same year, an apartment complex using a wall pad made by A and B companies was set as a target for hacking. In addition, he was accused of secretly filming a video and leaking part of the video by hacking the server that centrally manages the wall pads in 638 apartment complexes nationwide and the wall pads installed in each apartment household (404.847 households) in order to obtain permission. are receiving The videos obtained by the police are 213 videos and more than 400,000 photos taken on 16 wall pads.
The police revealed that the suspect had two previous convictions of the same type, including hacking and DDoS attack. He took his considerable knowledge of IT security and used it for his crimes, including creating his own automatic hacking programs and liberally using tracking evasion methods and secure emails. In addition, in order to evade tracking by investigative agencies, wireless routers installed in multi-use facilities that people can easily access, such as restaurants and accommodations, were hacked and abused for crimes, and secure e-mail and file sharing in foreign countries that do not require real name authentication for subscription. I used a method such as using the service.

The police investigated why wall pads were being abused for crimes, focusing on preventing the spread of damage in close cooperation with the Korea Internet & Security Agency and wall pad manufacturers from the beginning of the incident.
We pointed out weaknesses such as institutional deficiencies in responding to the latest digital devices, negligent management of the central management server of apartment complexes and wall pads in households, and negligent management of wireless routers installed in multi-use facilities. The police delivered related contents such as criminal methods through meetings of related organizations such as the Ministry of Science and ICT and the Personal Information Protection Committee of the Korea Internet & Security Agency, and took measures to reflect them in the 'Home Network Security Guide'.

Users can also prevent crimes in advance by setting a difficult password on the device to use the wall pad more safely, periodically executing the latest security updates, and covering the lens when the camera function is not in use.