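IP cameras can be applied in fields such as smart retail, smart buildings, smart transportation, smart factories, smart healthcare and smart homes, and have become one of the IoT electronic products most frequently purchased by consumers in recent years. According to research, there will be as many as 98 million security cameras worldwide in 2019. This study performs a security assessment of 20 IP cameras sold in the Taiwan market, using firmware analysis techniques to identify the open source software in use and checking it for known security vulnerabilities. A total of 77 open source software packages were identified, and comparison against the US National Vulnerability Database found 214 security vulnerabilities in total: 66 high-risk, 130 medium-risk and 18 low-risk. This shows that domestic and foreign IP camera manufacturers still do not take the security problems introduced by open source packages seriously.
Unlike the complete and rigorous certification and verification scheme set out in the cybersecurity standard for video surveillance systems, the testing method proposed in this study is a fast vulnerability detection mechanism intended to give general consumers a reference for assessing product security. Users who find that the IP camera they are using has known security vulnerabilities should avoid connecting it directly to the Internet without any security protection mechanism. If IP cameras are to be used in major national projects such as critical infrastructure in the future, they must not only pass the testing method proposed in this study but also obtain the IoT product cybersecurity label in order to ensure their security.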
Among the different types of IoT products, IP cameras can be applied to various fields such as smart retail, smart buildings, smart transportation, smart factories, smart medical care and smart homes. They have become the most popular IoT electronic products purchased by consumers in recent years. According to research, there will be up to 98 million security cameras in the world in 2019.
This research uses firmware analysis techniques, without comparing source code, to identify the open source software used in 20 IP cameras. A total of 77 open source software packages were identified by analyzing the firmware files of the 20 IP cameras. A total of 214 vulnerabilities (66 high-risk, 130 medium-risk and 18 low-risk) were found by comparing against the contents of the US National Vulnerability Database.
The testing method proposed by this research is a fast vulnerability detection mechanism, which aims to provide general consumers with a reference for product security assessment. A user who finds a known security vulnerability in the IP camera currently in use should avoid connecting it directly to the Internet without any security protection mechanism.
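The workflow summarized above (identify open source components from firmware contents without source code, then match them against a vulnerability database and count findings by risk level) is sketched here as an added example; it is not the study's own tool. The signature set, the vulnerability table with placeholder IDs, the sample bytes and the use of NVD's CVSS v2 severity bands are all assumptions made for illustration.

```python
import re

# Version-string signatures for components common in embedded Linux firmware
# (illustrative selection; the study's own signature set is not on the page).
SIGNATURES = {
    "busybox": re.compile(rb"BusyBox v(\d+\.\d+(?:\.\d+)?)"),
    "openssl": re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)"),
    "dropbear": re.compile(rb"dropbear_(\d{4}\.\d+)"),
}

# Constructed stand-in for a local NVD extract, keyed by (component, version).
# IDs are placeholders, not real CVE numbers; scores are CVSS v2 base scores.
KNOWN_VULNS = {
    ("busybox", "1.20.2"): [("CVE-PLACEHOLDER-1", 7.5), ("CVE-PLACEHOLDER-2", 5.0)],
    ("openssl", "1.0.1e"): [("CVE-PLACEHOLDER-3", 9.3), ("CVE-PLACEHOLDER-4", 4.3),
                            ("CVE-PLACEHOLDER-5", 2.6)],
}

def severity(score):
    """NVD CVSS v2 bands (assumed here): 0-3.9 low, 4.0-6.9 medium, 7.0-10.0 high."""
    return "high" if score >= 7.0 else "medium" if score >= 4.0 else "low"

def identify_components(blob):
    """Return the (component, version) pairs whose version strings occur in blob."""
    found = set()
    for name, pattern in SIGNATURES.items():
        for match in pattern.finditer(blob):
            found.add((name, match.group(1).decode("ascii")))
    return found

def assess(blob):
    """Identify components, then tally matched vulnerabilities by severity."""
    components = identify_components(blob)
    tally = {"high": 0, "medium": 0, "low": 0}
    findings = []
    for name, version in sorted(components):
        for vuln_id, score in KNOWN_VULNS.get((name, version), []):
            tally[severity(score)] += 1
            findings.append((name, version, vuln_id, severity(score)))
    return components, tally, findings

# Constructed sample: bytes standing in for an unpacked firmware image.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x01\x01\x00" + b"\x00" * 16
    + b"BusyBox v1.20.2 (2014-03-05 10:11:12 CST) multi-call binary.\x00"
    + b"\xff\xfeOpenSSL 1.0.1e 11 Feb 2013\x00"
    + b"SSH-2.0-dropbear_2012.55\x00"
)

if __name__ == "__main__":
    print(assess(SAMPLE_FIRMWARE))
```

A component that is identified but has no entry in the table (dropbear in the sample) still appears in the inventory, which is what lets a later database update be re-checked without re-scanning the firmware.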