TY - GEN
T1 - Internet Protocol Cameras with No Password Protection
T2 - 19th International Conference on Passive and Active Measurement, PAM 2018
AU - Xu, Haitao
AU - Xu, Fengyuan
AU - Chen, Bo
N1 - Funding Information:
Acknowledgement. We would like to thank our shepherd Mark Gondree and anonymous reviewers for their insightful and detailed comments. This work was partially supported by Microsoft Research Asia, CCF-NSFOCUS Kunpeng Research Fund, and Alipay Research Fund. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding agencies. The co-author F. Xu is the contact author.
Publisher Copyright:
© 2018, Springer International Publishing AG, part of Springer Nature.
PY - 2018
Y1 - 2018
N2 - Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, for the purposes of providing physical security, increasing safety, and preventing crime. However, recent studies suggest that IP cameras contain less than ideal security and could be easily exploited by miscreants to infringe user privacy and cause even bigger threats. In this study, we focus on the IP cameras without any password protection. We conduct a large-scale empirical investigation of such IP cameras based on insecam.org, an online directory of IP cameras, which claims to be the largest one in the world. To this end, we have monitored the site and studied its dynamics with daily data collection over a continuous period of 18 days. We compute daily number of active IP cameras and new cameras on the site, and infer people’s usage habit of IP cameras. In addition, we perform a comprehensive characteristic analysis of IP cameras in terms of the most used TCP/UDP ports, manufactures, installation location, ISPs, and countries. Furthermore, we explore other possibly existing security issues with those cameras in addition to no password protection. We utilize an IP scanning tool to discover the hidden hosts and services on the internal network where a vulnerable IP camera is located, and then perform a vulnerability analysis. We believe our findings can provide valuable knowledge of the threat landscape that IP cameras are exposed to.
AB - Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, for the purposes of providing physical security, increasing safety, and preventing crime. However, recent studies suggest that IP cameras contain less than ideal security and could be easily exploited by miscreants to infringe user privacy and cause even bigger threats. In this study, we focus on the IP cameras without any password protection. We conduct a large-scale empirical investigation of such IP cameras based on insecam.org, an online directory of IP cameras, which claims to be the largest one in the world. To this end, we have monitored the site and studied its dynamics with daily data collection over a continuous period of 18 days. We compute daily number of active IP cameras and new cameras on the site, and infer people’s usage habit of IP cameras. In addition, we perform a comprehensive characteristic analysis of IP cameras in terms of the most used TCP/UDP ports, manufactures, installation location, ISPs, and countries. Furthermore, we explore other possibly existing security issues with those cameras in addition to no password protection. We utilize an IP scanning tool to discover the hidden hosts and services on the internal network where a vulnerable IP camera is located, and then perform a vulnerability analysis. We believe our findings can provide valuable knowledge of the threat landscape that IP cameras are exposed to.
KW - IP camera
KW - IoT security
KW - Vulnerability analysis
UR - http://www.scopus.com/inward/record.url?scp=85043577573&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85043577573&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-76481-8_4
DO - 10.1007/978-3-319-76481-8_4
M3 - Conference contribution
AN - SCOPUS:85043577573
SN - 9783319764801
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 47
EP - 59
BT - Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings
A2 - Feldmann, Anja
A2 - Smaragdakis, Georgios
A2 - Beverly, Robert
PB - Springer Verlag
Y2 - 26 March 2018 through 27 March 2018
ER -