Increase in unauthorized use of IoT device cloud-linked accounts
When discontinuing account use, it is necessary to protect information, such as by deleting membership.
Developers who use AWS-IoT accounts to connect IoT devices to the cloud are being hacked and suffering losses of millions or even tens of millions of won, so caution is required.
Recently, a developer used a free AWS-IoT account to test cloud connectivity for IoT devices. He registered the account with his company email address for simple testing and demonstration purposes.
After he left the company, he naturally stopped using the company email, but his AWS account was hacked and the server was used without permission, and AWS continued to send billing information to an email address that he no longer used.
When the developer found out about this, millions of won had already been charged, and the password for the previously registered account had been changed, making it impossible to take security measures.
He said that he tried to notify AWS of this fact and take security measures, but AWS only responded that the owner had to access the account and take action.
However, to reset the password, the victim needs to receive a reset email at the address registered to the account, and because he has already left the company, that mailbox has been closed and he cannot receive or check the email.
Accordingly, the victim is said to be continuously contacting AWS Korea and the US headquarters to seek possible solutions.
This type of case is reportedly not limited to this developer, and there are cases of significant damage.
Such incidents are known to occur frequently, especially among novice developers, when accounts are used for testing or training before official applications are developed.
Hacking is indiscriminate, and while experienced developers pay attention to security measures such as two-step authentication, novice developers miss important security measures because they are not familiar with English-language manuals.
In one case, a developer was charged hundreds of millions of won in usage fees and ended up in huge debt without even knowing it.
It is known that there is no specific solution.
Most victims report it to the police or notify AWS of the damage and negotiate for a reduction in usage fees, but it is very difficult to catch the perpetrator and it is also difficult to prove the damage through lawsuits, so in most cases, they are said to be paying the billed usage fees with tears in their eyes.
There are cases where some of the billing amounts are reduced through negotiations with the headquarters and Korean branches, but in the end, the developers are still paying for costs they did not use.
Accordingly, affected developers unanimously agree that considerable care must be taken to ensure account security when creating a free trial account for the AWS cloud.
Experts advise that although cloud companies say they are strengthening security, a leaked account can easily become prey to hackers, so users should maintain double or triple layers of security, such as two-step authentication and OTP (one-time password) codes, and immediately delete unused accounts to eliminate the possibility of problems.