According to the latest Forescout report "The Riskiest Connected Devices in 2024", published on June 10, 2024, the number of vulnerable IoT devices in 2024 grew by 136% compared with the previous year. The report covers nearly 19 million devices and finds that the share of vulnerable IoT devices rose from 14% in 2023 to 33% in 2024. The device types most exposed to attack include Wi-Fi access points, routers, printers, VoIP devices and IP cameras. Among these, IP cameras and building management systems are the primary targets, since they let attackers break into enterprise systems without being detected.
Delegated Regulation 2022/30/EU of 2022 adds cybersecurity requirements to the Radio Equipment Directive (RED) in Articles 3.3(d), (e) and (f). Each article sets protective measures for a different class of equipment: devices must not harm the network, must protect personal data and privacy, and must prevent fraud. Together they broaden the scope of regulation and raise the security requirements placed on manufacturers.
EN 18031-1 (3.3.d): Protection of the network
Internet-connected radio equipment, whether connected directly or indirectly through other equipment
Improve network resilience (§3.3.d): Wireless devices and products will have to incorporate features that avoid harming communication networks and prevent the devices from being used to disrupt the functionality of websites or other services.
EN 18031-1: 11 Categories
ACM: Access control mechanism
AUM: Authentication mechanism
SUM: Secure update mechanism
SSM: Secure storage mechanism
SCM: Secure communication mechanism
RLM: Resilience mechanism
NMM: Network monitoring mechanism
TCM: Traffic control mechanism
CCK: Confidential cryptographic keys
GEC: General equipment capabilities
CRY: Cryptography
EN 18031-1: 31 cases
[ACM-1] Applicability of access control mechanisms
[ACM-2] Appropriate access control mechanisms
[AUM-1] Applicability of authentication mechanisms
[AUM-2] Appropriate authentication mechanisms
[AUM-3] Authenticator validation
[AUM-4] Changing authenticators
[AUM-5] Password strength
[AUM-6] Brute force protection
[SUM-1] Applicability of update mechanisms
[SUM-2] Secure updates
[SUM-3] Automated updates
[SSM-1] Applicability of secure storage mechanisms
[SSM-2] Appropriate integrity protection for secure storage mechanisms
[SSM-3] Appropriate confidentiality protection for secure storage mechanisms
[SCM-1] Applicability of secure communication mechanisms
[SCM-2] Appropriate integrity and authenticity protection for secure communication mechanisms
[SCM-3] Appropriate confidentiality protection for secure communication mechanisms
[SCM-4] Appropriate replay protection for secure communication mechanisms
[RLM-1] Applicability and appropriateness of resilience mechanisms
[NMM-1] Applicability and appropriateness of network monitoring mechanisms
[TCM-1] Applicability of and appropriate traffic control mechanisms
[CCK-1] Appropriate CCKs
[CCK-2] CCK generation mechanisms
[CCK-3] Preventing static default values for preinstalled CCKs
[GEC-1] Up-to-date software and hardware with no publicly known exploitable vulnerabilities
[GEC-2] Limit exposure of services via related network interfaces
[GEC-3] Configuration of optional services and the related exposed network interfaces
[GEC-4] Documentation of exposed network interfaces and exposed services via network interfaces
[GEC-5] No unnecessary external interfaces
[GEC-6] Input validation
[CRY-1] Best practice cryptography
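As an added illustration of three of the cases listed above (this is example code written for this page, not text or code from EN 18031-1 or from any certification body), the following Python module sketches how a device login path might satisfy AUM-5 (password strength), AUM-6 (brute force protection) and CCK-3 (no static default values for preinstalled credentials). The policy numbers (12-character minimum, five attempts, 300-second lockout), the denylist of common factory defaults and the injectable `clock` parameter used to make the lockout testable are all assumptions; the standard does not prescribe these values.

```python
"""Hypothetical device-login module illustrating EN 18031-1 cases
AUM-5, AUM-6 and CCK-3. Added example with assumed policy values."""
import hashlib
import hmac
import secrets
import time

MIN_LENGTH = 12           # assumed AUM-5 policy
MAX_ATTEMPTS = 5          # assumed AUM-6 policy: failures before lockout
LOCKOUT_SECONDS = 300.0   # assumed AUM-6 policy: lockout window
PBKDF2_ROUNDS = 100_000   # assumed work factor for stored verifier

# Constructed denylist of well-known static factory defaults (assumption)
COMMON_DEFAULTS = {"admin", "password", "12345678", "admin1234"}


def password_strength_ok(pw: str) -> bool:
    """AUM-5: reject short passwords, low character diversity and
    well-known default values."""
    if len(pw) < MIN_LENGTH:
        return False
    classes = sum((
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ))
    if classes < 3:
        return False
    return pw.lower() not in COMMON_DEFAULTS


def provision_device_secret() -> str:
    """CCK-3: every unit leaves the factory with its own random credential
    (printed on the unit's label), never a static default shared by a batch."""
    return secrets.token_urlsafe(16)


class DeviceAuthenticator:
    """Password verifier with per-device salt and a lockout counter."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock                      # injectable for testing
        self._salt = secrets.token_bytes(16)
        self._verifier = None
        self._failures = 0
        self._locked_until = 0.0

    def _derive(self, pw: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt,
                                   PBKDF2_ROUNDS)

    def set_password(self, pw: str) -> None:
        if not password_strength_ok(pw):
            raise ValueError("password does not meet the AUM-5 policy")
        self._verifier = self._derive(pw)

    def login(self, pw: str) -> str:
        """AUM-6: returns 'ok', 'denied' or 'locked'. After MAX_ATTEMPTS
        consecutive failures further attempts are refused for
        LOCKOUT_SECONDS regardless of the password offered."""
        now = self._clock()
        if now < self._locked_until:
            return "locked"
        if self._verifier is not None and hmac.compare_digest(
                self._derive(pw), self._verifier):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._locked_until = now + LOCKOUT_SECONDS
            self._failures = 0
            return "locked"
        return "denied"


class FakeClock:
    """Manual clock so the lockout window can be advanced deterministically."""

    def __init__(self):
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


def demo() -> list:
    """Walk through a guessing burst, the lockout, and recovery after the window."""
    clock = FakeClock()
    auth = DeviceAuthenticator(clock)
    auth.set_password("Correct-Horse-42")
    results = [auth.login("wrong-guess-%d" % i) for i in range(MAX_ATTEMPTS)]
    results.append(auth.login("Correct-Horse-42"))   # still inside lockout
    clock.t += LOCKOUT_SECONDS + 1
    results.append(auth.login("Correct-Horse-42"))   # window elapsed
    return results


if __name__ == "__main__":
    print(demo())
```

The lockout is applied even to a correct password while the window is open, so a lost guessing burst cannot be "rescued" by finally supplying the right value; that is the property AUM-6 asks for, and the fake clock makes it checkable without waiting five minutes.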
Scope:
All wireless devices that communicate over the internet, directly or indirectly, including:
Consumer electronics: smartphones, tablets, smartwatches, Bluetooth speakers, Wi-Fi routers.
Smart home: connected refrigerators, air conditioners, cameras, voice assistants (e.g. Amazon Echo).
In-vehicle devices: infotainment systems, remote control modules, autonomous driving components.
Industrial IoT: sensors, RFID tags, industrial gateways.
Typical examples: Wi-Fi-enabled smart bulbs, Bluetooth-connected smart door locks.