South Korea is reviewing online security regulations after a hacker targeted hundreds of smart home devices and sold intimate video footage of residents on the dark web in exchange for bitcoin.
Alerted by the Korea Internet Security Agency to the case, police last week launched an investigation and confirmed hacked video footage from apartments across the country were leaked online.
Thumbnail images of the video clips on the dark web showed scenes of private home life, naked bodies and sex scenes, said IT Chosun, a tech news website that exposed the hacking this month.
A reporter posing as a buyer contacted the hacker, who said in an encrypted email that it cost 0.1 bitcoin (about US$5,736) to gain video access to an apartment for 24 hours. The hacker reportedly supplied the writer a long list of flats to choose from.
Smart home features installed in Korean apartments first began as intercom systems, but grew to have expanded functions. Many new flats today have smart home devices, including wall pad door locks, lights, heaters, refrigerators, laundry machines and air conditioners that can be controlled by smartphones remotely.
Some systems include surveillance cameras, which the incident shows is vulnerable to invasion of privacy. If a hacker succeeds in breaching the security of one home, they can also access footage of neighbouring apartments connected through the building’s network, IT Chosun said.
In South Korea, 63 per cent of households live in flats.
The incident has prompted the officials to strengthen firewall guidelines for the Internet of Things, in a shift from the government’s aversion from investing in cybersecurity despite South Korea being a technological powerhouse, with one of the world’s fastest internet networks.
In a statement, the ministry of science and technology said residents faced a real risk of cyber threats “including the exposure of private life, ransomware attacks and shutdowns of home devices”.
Kim Nam-seung, a deputy director in charge of cybersecurity at the ministry, said the incident showed people who lived in flats needed to be vigilant about their online security.
“This incident is drawing public attention as wall pad devices, rather than home computers or mobiles, were hacked, and home privacy was widely breached,” Kim said.
“It also highlights the importance of users avoiding easy-to-guess passwords, regularly downloading security patch updates and using government-endorsed products with solid security walls.”
The government has moved to force construction companies to unlink smart home systems for each flat to prevent hackers from accessing the devices of a whole residential building through a single breach.
“The best way to fight fires is to prevent fires. The best way to fight hacking is to prevent it through solid firewalls and users’ precautions,” Kim said.
Concerns over home system networks have been raised in the past.
In 2018, the local Busan Ilbo newspaper based in Busan and South Gyeongsang province reported it had hired two computer science graduate students to hack into the smart network of a newly-built residential building to test its security level.
In just one day, the student hackers succeeded in opening the door of one home, and peeked into another through the camera installed for video calls between residents. The newspaper reported that the students could even turn on and off gas valves and lights, as well as change the heating temperatures of homes.
Following the report, the ministry of science and technology advised residents to set up unique passwords and regularly update their home systems. Experts also advised residents physically to cover cameras when they were not in use.