Skip to main content
Springer Nature Link
Log in

Internet Protocol Cameras with No Password Protection: An Empirical Investigation

  • Conference paper
  • First Online:
Passive and Active Measurement (PAM 2018)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 10771))

Included in the following conference series:

Abstract

Internet Protocol (IP) cameras have become virtually omnipresent for organizations, businesses, and personal users across the world, for the purposes of providing physical security, increasing safety, and preventing crime. However, recent studies suggest that IP cameras contain less than ideal security and could be easily exploited by miscreants to infringe user privacy and cause even bigger threats. In this study, we focus on the IP cameras without any password protection. We conduct a large-scale empirical investigation of such IP cameras based on insecam.org, an online directory of IP cameras, which claims to be the largest one in the world. To this end, we have monitored the site and studied its dynamics with daily data collection over a continuous period of 18 days. We compute daily number of active IP cameras and new cameras on the site, and infer people’s usage habit of IP cameras. In addition, we perform a comprehensive characteristic analysis of IP cameras in terms of the most used TCP/UDP ports, manufactures, installation location, ISPs, and countries. Furthermore, we explore other possibly existing security issues with those cameras in addition to no password protection. We utilize an IP scanning tool to discover the hidden hosts and services on the internal network where a vulnerable IP camera is located, and then perform a vulnerability analysis. We believe our findings can provide valuable knowledge of the threat landscape that IP cameras are exposed to.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    There are 39 different timezones currently in use in the world [6].

  2. 2.

    Active IP cameras refer to the IP cameras whose video feeds are accessible online.

References

  1. Angry IP Scanner. http://angryip.org/

  2. Apache web server CVE vulnerabilities. https://goo.gl/FaWh8y

  3. Boa (web server): https://goo.gl/6d251V

  4. Breaking Down Mirai: An IoT DDoS Botnet Analysis. https://goo.gl/7VcfMh

  5. DB-IP: IP Geolocation and Network Intelligence. https://db-ip.com/

  6. How Many Time Zones Are There? https://goo.gl/fWwFxQ

  7. Insecam - World biggest online cameras directory. http://www.insecam.org/

  8. Insecam Displays Unsecured Webcams Worldwide. https://goo.gl/hBqpni

  9. The Botnet That Broke the Internet Isn’t Going Away. https://goo.gl/VqFi7f

  10. Webcam ‘creepshot’ pictures shared on Reddit. https://goo.gl/ffKtTK

  11. Website spies on thousands of people. https://goo.gl/SdbVcc

  12. Albrecht, K., Mcintyre, L.: Privacy nightmare: when baby monitors go bad [opinion]. IEEE Technol. Soc. Mag. 34(3), 14–19 (2015)

    Article  Google Scholar 

  13. Amokrane, A.: Internet of things: security issues, challenges and directions. In: C&ESAR 2016, p. 70 (2016)

    Google Scholar 

  14. Antonakakis, M., et al.: Understanding the mirai botnet. In: USENIX Security 2017 (2017)

    Google Scholar 

  15. Apthorpe, N., Reisman, D., Feamster, N.: A smart home is no castle: privacy vulnerabilities of encrypted IoT traffic. arXiv preprint arXiv:1705.06805 (2017)

  16. Campbell, W.: Security of internet protocol cameras-a case example (2013)

    Google Scholar 

  17. Costin, A.: Security of CCTV and video surveillance systems: threats, vulnerabilities, attacks, and mitigations. In: TrustED, pp. 45–54. ACM (2016)

    Google Scholar 

  18. Rotenberg, N., Shulman, H., Waidner, M., Zeltser, B.: Authentication-bypass vulnerabilities in SOHO routers. In: SIGCOMM Posters and Demos (2017)

    Google Scholar 

  19. Stanislav, M., Beardsley, T.: Hacking IoT: a case study on baby monitor exposures and vulnerabilities. Rapid 7 (2015)

    Google Scholar 

Download references

Acknowledgement

We would like to thank our shepherd Mark Gondree and anonymous reviewers for their insightful and detailed comments. This work was partially supported by Microsoft Research Asia, CCF-NSFOCUS Kunpeng Research Fund, and Alipay Research Fund. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding agencies. The co-author F. Xu is the contact author.

Author information

Authors and Affiliations

  1. Northwestern University, Evanston, IL, 60201, USA

    Haitao Xu

  2. National Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China

    Fengyuan Xu

  3. Michigan Technological University, Houghton, MI, 49931, USA

    Bo Chen

Authors
  1. Haitao Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fengyuan Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bo Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fengyuan Xu .

Editor information

Editors and Affiliations

  1. Naval Postgraduate School, Monterey, California, USA

    Robert Beverly

  2. Technical University of Berlin, Berlin, Germany

    Georgios Smaragdakis

  3. Max Planck Institute for Informatics, Saarbrücken, Germany

    Anja Feldmann

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xu, H., Xu, F., Chen, B. (2018). Internet Protocol Cameras with No Password Protection: An Empirical Investigation. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds) Passive and Active Measurement. PAM 2018. Lecture Notes in Computer Science(), vol 10771. Springer, Cham. https://doi.org/10.1007/978-3-319-76481-8_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-76481-8_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-76480-1

  • Online ISBN: 978-3-319-76481-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics