Security experts predict that so-called Google hacking will increase significantly this year, and even network cameras may fall victim.
Google hacking refers to malicious internet users or worms using search engines to locate information resources that were unintentionally made public online.
CyberTrust warns that all internet-connected devices—including network cameras—should be considered potential security threats.
Last year, two of the most notorious viruses used Google and other search engines to identify possible attack targets: the MyDoom variant in August used Google to find email addresses, while the Santy worm a few months later used multiple search engines to locate websites with specific software vulnerabilities. Security experts expect to see more such incidents this year and suggest that businesses take steps to reduce their risk of being attacked.
CyberTrust's Asia-Pacific security manager, Andrew Collins, advises that to prevent indexing by search engines, internet resources like network cameras must be secured. (Our product manager Kenny notes: Network cameras should be set up using virtual/private IP settings, and to allow internet users to view the cameras, install our video broadcasting system, so Google can't find them.)
Collins said, "We expect to see more automated attacks using Google to select potential targets. These attacks use search strings to find unintentionally exposed information, such as erroneous code, network cameras, confidential documents, and web pages. Devices with networking capabilities, such as network cameras and digital image capturing systems, should be moved to a private network with non-discoverable IP addresses."
Gartner analyst Jay Heiser also pointed out in a recent potential risk advisory that network cameras with preset network addresses can be easily discovered through Google hacking, posing potential dangers.
Heiser said that while some network cameras are intentionally made available for viewing, many are not. Ensuring they have the latest patches and strong passwords is essential. He added that unpatched network cameras may be susceptible to hackers taking control over their settings and behaviors.
Heiser further explained that most search engines look for a file named "robots.txt," which indicates which parts of a website can be indexed.
For non-public systems and components supporting public systems, using "robots.txt" and other techniques to prevent indexing is the best approach. All internet-connected devices—even network cameras—must be treated as security-sensitive.
CyberTrust's Collins noted that businesses that treat security as an integrated system rather than considering individual applications and devices will find fewer vulnerabilities that attackers can exploit.
蘊藏許多助人的知識與智慧。