Internet Protocol Cameras with No Password Protection: An Empirical Investigation

Haitao Xu, Fengyuan Xu, Bo Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, for the purposes of providing physical security, increasing safety, and preventing crime. However, recent studies suggest that IP cameras contain less than ideal security and could be easily exploited by miscreants to infringe user privacy and cause even bigger threats. In this study, we focus on the IP cameras without any password protection. We conduct a large-scale empirical investigation of such IP cameras based on insecam.org, an online directory of IP cameras, which claims to be the largest one in the world. To this end, we have monitored the site and studied its dynamics with daily data collection over a continuous period of 18 days. We compute daily number of active IP cameras and new cameras on the site, and infer people’s usage habit of IP cameras. In addition, we perform a comprehensive characteristic analysis of IP cameras in terms of the most used TCP/UDP ports, manufactures, installation location, ISPs, and countries. Furthermore, we explore other possibly existing security issues with those cameras in addition to no password protection. We utilize an IP scanning tool to discover the hidden hosts and services on the internal network where a vulnerable IP camera is located, and then perform a vulnerability analysis. We believe our findings can provide valuable knowledge of the threat landscape that IP cameras are exposed to.

Original languageEnglish (US)
Title of host publicationPassive and Active Measurement - 19th International Conference, PAM 2018, Proceedings
EditorsAnja Feldmann, Georgios Smaragdakis, Robert Beverly
PublisherSpringer Verlag
Pages47-59
Number of pages13
ISBN (Print)9783319764801
DOIs
StatePublished - Jan 1 2018
Externally publishedYes
Event19th International Conference on Passive and Active Measurement, PAM 2018 - Berlin, Germany
Duration: Mar 26 2018Mar 27 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10771 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference19th International Conference on Passive and Active Measurement, PAM 2018
CountryGermany
CityBerlin
Period3/26/183/27/18

Keywords

  • IoT security
  • IP camera
  • Vulnerability analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Internet Protocol Cameras with No Password Protection: An Empirical Investigation'. Together they form a unique fingerprint.

  • Cite this

    Xu, H., Xu, F., & Chen, B. (2018). Internet Protocol Cameras with No Password Protection: An Empirical Investigation. In A. Feldmann, G. Smaragdakis, & R. Beverly (Eds.), Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings (pp. 47-59). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10771 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-76481-8_4