Internet Protocol Cameras with No Password Protection

An Empirical Investigation

Haitao Xu, Fengyuan Xu*, Bo Chen

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, for the purposes of providing physical security, increasing safety, and preventing crime. However, recent studies suggest that IP cameras contain less than ideal security and could be easily exploited by miscreants to infringe user privacy and cause even bigger threats. In this study, we focus on the IP cameras without any password protection. We conduct a large-scale empirical investigation of such IP cameras based on insecam.org, an online directory of IP cameras, which claims to be the largest one in the world. To this end, we have monitored the site and studied its dynamics with daily data collection over a continuous period of 18 days. We compute daily number of active IP cameras and new cameras on the site, and infer people’s usage habit of IP cameras. In addition, we perform a comprehensive characteristic analysis of IP cameras in terms of the most used TCP/UDP ports, manufactures, installation location, ISPs, and countries. Furthermore, we explore other possibly existing security issues with those cameras in addition to no password protection. We utilize an IP scanning tool to discover the hidden hosts and services on the internal network where a vulnerable IP camera is located, and then perform a vulnerability analysis. We believe our findings can provide valuable knowledge of the threat landscape that IP cameras are exposed to.

Original languageEnglish (US)
Title of host publicationPassive and Active Measurement - 19th International Conference, PAM 2018, Proceedings
EditorsAnja Feldmann, Georgios Smaragdakis, Robert Beverly
PublisherSpringer Verlag
Pages47-59
Number of pages13
ISBN (Print)9783319764801
DOIs
StatePublished - Jan 1 2018
Event19th International Conference on Passive and Active Measurement, PAM 2018 - Berlin, Germany
Duration: Mar 26 2018Mar 27 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10771 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other19th International Conference on Passive and Active Measurement, PAM 2018
CountryGermany
CityBerlin
Period3/26/183/27/18

Fingerprint

Internet protocols
Password
Camera
Cameras
Crime
Vulnerability
Privacy
Scanning
Safety

Keywords

  • IP camera
  • IoT security
  • Vulnerability analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Xu, H., Xu, F., & Chen, B. (2018). Internet Protocol Cameras with No Password Protection: An Empirical Investigation. In A. Feldmann, G. Smaragdakis, & R. Beverly (Eds.), Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings (pp. 47-59). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10771 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-76481-8_4
Xu, Haitao ; Xu, Fengyuan ; Chen, Bo. / Internet Protocol Cameras with No Password Protection : An Empirical Investigation. Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings. editor / Anja Feldmann ; Georgios Smaragdakis ; Robert Beverly. Springer Verlag, 2018. pp. 47-59 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{7bf62af3c27a4872b45d6d10110cfd6a,
title = "Internet Protocol Cameras with No Password Protection: An Empirical Investigation",
abstract = "Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, for the purposes of providing physical security, increasing safety, and preventing crime. However, recent studies suggest that IP cameras contain less than ideal security and could be easily exploited by miscreants to infringe user privacy and cause even bigger threats. In this study, we focus on the IP cameras without any password protection. We conduct a large-scale empirical investigation of such IP cameras based on insecam.org, an online directory of IP cameras, which claims to be the largest one in the world. To this end, we have monitored the site and studied its dynamics with daily data collection over a continuous period of 18 days. We compute daily number of active IP cameras and new cameras on the site, and infer people’s usage habit of IP cameras. In addition, we perform a comprehensive characteristic analysis of IP cameras in terms of the most used TCP/UDP ports, manufactures, installation location, ISPs, and countries. Furthermore, we explore other possibly existing security issues with those cameras in addition to no password protection. We utilize an IP scanning tool to discover the hidden hosts and services on the internal network where a vulnerable IP camera is located, and then perform a vulnerability analysis. We believe our findings can provide valuable knowledge of the threat landscape that IP cameras are exposed to.",
keywords = "IP camera, IoT security, Vulnerability analysis",
author = "Haitao Xu and Fengyuan Xu and Bo Chen",
year = "2018",
month = "1",
day = "1",
doi = "10.1007/978-3-319-76481-8_4",
language = "English (US)",
isbn = "9783319764801",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "47--59",
editor = "Anja Feldmann and Georgios Smaragdakis and Robert Beverly",
booktitle = "Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings",
address = "Germany",

}

Xu, H, Xu, F & Chen, B 2018, Internet Protocol Cameras with No Password Protection: An Empirical Investigation. in A Feldmann, G Smaragdakis & R Beverly (eds), Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10771 LNCS, Springer Verlag, pp. 47-59, 19th International Conference on Passive and Active Measurement, PAM 2018, Berlin, Germany, 3/26/18. https://doi.org/10.1007/978-3-319-76481-8_4

Internet Protocol Cameras with No Password Protection : An Empirical Investigation. / Xu, Haitao; Xu, Fengyuan; Chen, Bo.

Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings. ed. / Anja Feldmann; Georgios Smaragdakis; Robert Beverly. Springer Verlag, 2018. p. 47-59 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10771 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Internet Protocol Cameras with No Password Protection

T2 - An Empirical Investigation

AU - Xu, Haitao

AU - Xu, Fengyuan

AU - Chen, Bo

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, for the purposes of providing physical security, increasing safety, and preventing crime. However, recent studies suggest that IP cameras contain less than ideal security and could be easily exploited by miscreants to infringe user privacy and cause even bigger threats. In this study, we focus on the IP cameras without any password protection. We conduct a large-scale empirical investigation of such IP cameras based on insecam.org, an online directory of IP cameras, which claims to be the largest one in the world. To this end, we have monitored the site and studied its dynamics with daily data collection over a continuous period of 18 days. We compute daily number of active IP cameras and new cameras on the site, and infer people’s usage habit of IP cameras. In addition, we perform a comprehensive characteristic analysis of IP cameras in terms of the most used TCP/UDP ports, manufactures, installation location, ISPs, and countries. Furthermore, we explore other possibly existing security issues with those cameras in addition to no password protection. We utilize an IP scanning tool to discover the hidden hosts and services on the internal network where a vulnerable IP camera is located, and then perform a vulnerability analysis. We believe our findings can provide valuable knowledge of the threat landscape that IP cameras are exposed to.

AB - Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, for the purposes of providing physical security, increasing safety, and preventing crime. However, recent studies suggest that IP cameras contain less than ideal security and could be easily exploited by miscreants to infringe user privacy and cause even bigger threats. In this study, we focus on the IP cameras without any password protection. We conduct a large-scale empirical investigation of such IP cameras based on insecam.org, an online directory of IP cameras, which claims to be the largest one in the world. To this end, we have monitored the site and studied its dynamics with daily data collection over a continuous period of 18 days. We compute daily number of active IP cameras and new cameras on the site, and infer people’s usage habit of IP cameras. In addition, we perform a comprehensive characteristic analysis of IP cameras in terms of the most used TCP/UDP ports, manufactures, installation location, ISPs, and countries. Furthermore, we explore other possibly existing security issues with those cameras in addition to no password protection. We utilize an IP scanning tool to discover the hidden hosts and services on the internal network where a vulnerable IP camera is located, and then perform a vulnerability analysis. We believe our findings can provide valuable knowledge of the threat landscape that IP cameras are exposed to.

KW - IP camera

KW - IoT security

KW - Vulnerability analysis

UR - http://www.scopus.com/inward/record.url?scp=85043577573&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85043577573&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-76481-8_4

DO - 10.1007/978-3-319-76481-8_4

M3 - Conference contribution

SN - 9783319764801

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 47

EP - 59

BT - Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings

A2 - Feldmann, Anja

A2 - Smaragdakis, Georgios

A2 - Beverly, Robert

PB - Springer Verlag

ER -

Xu H, Xu F, Chen B. Internet Protocol Cameras with No Password Protection: An Empirical Investigation. In Feldmann A, Smaragdakis G, Beverly R, editors, Passive and Active Measurement - 19th International Conference, PAM 2018, Proceedings. Springer Verlag. 2018. p. 47-59. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-76481-8_4