Spying on the Spy: Security Analysis of Hidden Cameras

International Conference on Network and System Security Pub Date : 2023-06-01 DOI:10.48550/arXiv.2306.00610

Samuel Herodotou, F. Hao

{"title":"Spying on the Spy: Security Analysis of Hidden Cameras","authors":"Samuel Herodotou, F. Hao","doi":"10.48550/arXiv.2306.00610","DOIUrl":null,"url":null,"abstract":"Hidden cameras, also called spy cameras, are surveillance tools commonly used to spy on people without their knowledge. Whilst previous studies largely focused on investigating the detection of such a camera and the privacy implications, the security of the camera itself has received limited attention. Compared with ordinary IP cameras, spy cameras are normally sold in bulk at cheap prices and are ubiquitously deployed in hidden places within homes and workplaces. A security compromise of these cameras can have severe consequences. In this paper, we analyse a generic IP camera module, which has been packaged and re-branded for sale by several spy camera vendors. The module is controlled by mobile phone apps. By analysing the Android app and the traffic data, we reverse-engineered the security design of the whole system, including the module's Linux OS environment, the file structure, the authentication mechanism, the session management, and the communication with a remote server. Serious vulnerabilities have been identified in every component. Combined together, they allow an adversary to take complete control of a spy camera from anywhere over the Internet, enabling arbitrary code execution. This is possible even if the camera is behind a firewall. All that an adversary needs to launch an attack is the camera's serial number, which users sometimes unknowingly share in online reviews. We responsibly disclosed our findings to the manufacturer. Whilst the manufacturer acknowledged our work, they showed no intention to fix the problems. Patching or recalling the affected cameras is infeasible due to complexities in the supply chain. However, it is prudent to assume that bad actors have already been exploiting these flaws. We provide details of the identified vulnerabilities in order to raise public awareness, especially on the grave danger of disclosing a spy camera's serial number.","PeriodicalId":287438,"journal":{"name":"International Conference on Network and System Security","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Network and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.48550/arXiv.2306.00610","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Hidden cameras, also called spy cameras, are surveillance tools commonly used to spy on people without their knowledge. Whilst previous studies largely focused on investigating the detection of such a camera and the privacy implications, the security of the camera itself has received limited attention. Compared with ordinary IP cameras, spy cameras are normally sold in bulk at cheap prices and are ubiquitously deployed in hidden places within homes and workplaces. A security compromise of these cameras can have severe consequences. In this paper, we analyse a generic IP camera module, which has been packaged and re-branded for sale by several spy camera vendors. The module is controlled by mobile phone apps. By analysing the Android app and the traffic data, we reverse-engineered the security design of the whole system, including the module's Linux OS environment, the file structure, the authentication mechanism, the session management, and the communication with a remote server. Serious vulnerabilities have been identified in every component. Combined together, they allow an adversary to take complete control of a spy camera from anywhere over the Internet, enabling arbitrary code execution. This is possible even if the camera is behind a firewall. All that an adversary needs to launch an attack is the camera's serial number, which users sometimes unknowingly share in online reviews. We responsibly disclosed our findings to the manufacturer. Whilst the manufacturer acknowledged our work, they showed no intention to fix the problems. Patching or recalling the affected cameras is infeasible due to complexities in the supply chain. However, it is prudent to assume that bad actors have already been exploiting these flaws. We provide details of the identified vulnerabilities in order to raise public awareness, especially on the grave danger of disclosing a spy camera's serial number.

查看原文本刊更多论文

监视间谍:隐藏摄像机的安全分析

隐蔽摄像头，也叫间谍摄像头，是一种常用的监视工具，在人们不知情的情况下监视他们。虽然以前的研究主要集中在调查这种摄像头的检测和隐私影响，但摄像头本身的安全性却受到了有限的关注。与普通的IP摄像机相比，间谍摄像机通常以便宜的价格批量销售，并且无处不在地部署在家庭和工作场所的隐蔽地方。这些摄像机的安全漏洞可能会造成严重的后果。在本文中，我们分析了一种通用的网络摄像机模块，它已经被几个间谍摄像机供应商包装和重新命名为销售。该模块由手机应用程序控制。通过对Android应用程序和流量数据的分析，我们对整个系统的安全设计进行了逆向工程，包括模块的Linux操作系统环境、文件结构、认证机制、会话管理以及与远程服务器的通信。每个组件中都发现了严重的漏洞。结合在一起，它们允许对手从互联网上的任何地方完全控制间谍摄像机，从而实现任意代码的执行。即使摄像头在防火墙后面，这也是可能的。攻击者发动攻击所需要的只是摄像头的序列号，用户有时会在不知情的情况下在网上评论中分享这个序列号。我们负责任地向制造商披露了我们的发现。虽然制造商承认我们的工作，但他们没有表现出解决问题的意图。由于供应链的复杂性，修补或召回受影响的相机是不可行的。然而，谨慎地假设不良行为者已经在利用这些缺陷。我们提供已识别漏洞的详细信息，以提高公众的意识，特别是泄露间谍相机序列号的严重危险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Conference on Network and System Security

自引率

0.00%

发文量