Police Specify 3 Security Firms that Managed Wallpads Hacked with the Same Method Used to Hack Auction 13 Years Ago

[경향신문]

Images of living rooms captured by wallpads in one apartment complex in South Korea, which are believed to have been leaked after the wallpads in this apartment complex were hacked. Image captured from an online community

Wallpads, a smart device including cameras that capture the homes in apartment complexes, were penetrated using web shells, a beginner-level hacking method. The method was the same as the one used to hack into the information of 10 million clients at Auction, an e-commerce firm thirteen years ago. The police believe wallpads of 704 homes were hacked and are investigating three firms overseeing the security and management of the apartments.

According to the information that the office of Democratic Party of Korea lawmaker Jeon Yong-gi received from the Korea Internet & Security Agency (KISA) on December 5, the police cybercrime investigation unit and KISA conducted a site inspection of three apartment complexes, where the wallpads were hacked, and found traces of web shells in one apartment complex in Gangnam-gu and one urban residential housing in Jongno-gu, Seoul. The apartment complex and urban residential housing were luxury houses with the actual market price of a unit exceeding 4 billion won.

Using a web shell, the hacker can remotely inject malicious codes into a web server and acquire the authority of an operator or manager to access personal information. In 2008, the personal information of nearly 10 million Auction customers were leaked and in 2011, 1.5 million clients of Hyundai Capital also had their personal information leaked. Web shells were used in both cases. In the security industry, web shells are seen as the most basic hacking method, but an apartment security network was again infiltrated in this way.

The police are currently identifying the details with three security firms, whose wallpads were penetrated based on the initial investigation by KISA. So far, 704 apartments are believed to have fallen victim to the hacking. Among them 538 homes were managed by A security firm, 73 by B, and 56 by C. Authorities have yet to accurately identify the security management firm of 37 homes.

The police are also investigating one hacker who allegedly sold the images illegally captured in this way in exchange for bitcoins. Reportedly, he tried to sell a 24-hour video of one home for 0.1 bitcoin (approx. 8 million won). According to the site inspection by the police and KISA, the wallpad of one unit in the apartment complex in Gangnam-gu was first hacked on August 17, and the wallpad of one unit in the urban residential housing located in Jongno-gu was first hacked on November 10.

A regional analysis of wallpad hacking cases showed that they were most frequent in Gyeonggi with 219 homes, followed by 106 homes in Seoul, 78 in Gyeongsang-do (North and South), 58 in Chungcheong-do (North and South), and 57 in Jeolla-do (North and South).

Kim Hyoung-joong, a professor at the Korea University School of Cybersecurity, said, “The latest hacking attempt took advantage of the fact that apartment complexes had a weaker online security system than offices,” and added, “To prevent hacking attacks, we need to assign personnel to oversee the online security of apartment facilities and have him regularly inspect the security status.”