Internet Protocol Cameras with No Password Protection: An Empirical Investigation
作者: Haitao Xu , Fengyuan Xu , Bo Chen
DOI: 10.1007/978-3-319-76481-8_4
关键词:
摘要: Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, purposes of providing physical security, increasing safety, preventing crime. However, recent studies suggest that IP contain less than ideal security could be easily exploited by miscreants to infringe user privacy cause even bigger threats. In this study, we focus on without any password protection. We conduct a large-scale empirical investigation such based insecam.org, an online directory cameras, which claims largest one in world. To end, monitored site studied its dynamics with daily data collection over continuous period 18 days. compute number active new site, infer people’s usage habit cameras. addition, perform comprehensive characteristic analysis terms most used TCP/UDP ports, manufactures, installation location, ISPs, countries. Furthermore, explore other possibly existing issues those addition no utilize scanning tool discover hidden hosts services internal network where vulnerable camera is located, then vulnerability analysis. believe our findings can provide valuable knowledge threat landscape are exposed to.
springer.com
elsevier.com
sci-hub.st 参考文章(6)
William Campbell, Security Of Internet Protocol Cameras – A Case Example ,(2013) , 10.4225/75/57B3C06EFB868
Katherine Albrecht, Liz Mcintyre, Privacy Nightmare: When Baby Monitors Go Bad [Opinion] IEEE Technology and Society Magazine. ,vol. 34, pp. 14- 19 ,(2015) , 10.1109/MTS.2015.2476830
Andrei Costin, Security of CCTV and Video Surveillance Systems: Threats, Vulnerabilities, Attacks, and Mitigations workshop on trustworthy embedded devices. pp. 45- 54 ,(2016) , 10.1145/2995289.2995290
Nick Feamster, Dillon Reisman, Noah J. Apthorpe, A Smart Home is No Castle: Privacy Vulnerabilities of Encrypted IoT Traffic arXiv: Cryptography and Security. ,(2017)
Manos Antonakakis Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou, None, Understanding the mirai botnet usenix security symposium. pp. 1093- 1110 ,(2017)
Nadav Rotenberg, Haya Shulman, Michael Waidner, Benjamin Zeltser, Authentication-Bypass Vulnerabilities in SOHO Routers acm special interest group on data communication. pp. 68- 70 ,(2017) , 10.1145/3123878.3131989