DOI: 10.1145/3605423.3605447
research-article

Exploring the Attacks, Impacts, and Mitigations in a Real-Time Streaming Protocol Service of IP Cameras

Published: 20 August 2023

ABSTRACT

The constant need for security has paved the way for the use of IP cameras and CCTVs. Now that internet access is widespread, IP cameras have become more popular because they support the Real-Time Streaming Protocol (RTSP), which gives the user video and audio streaming over the internet. This allows for pausing, playing, and recording video and audio data for later use. Despite its popularity, RTSP has multiple vulnerabilities that pose a security risk to its users. Although multiple studies explore these risks, there is a lack of understanding about the specific ways in which these vulnerabilities are exploited. This paper discusses the specific attacks, impacts, and mitigations that could occur on an RTSP-enabled IP camera. Based on the gathered studies, four vulnerabilities were found: (1) Unencrypted URL of the Streaming Server; (2) Unencrypted User Account, Wi-Fi, and RTSP Credentials; (3) Unsecured System and Lack of Security Measures for Input Validation of RTSP Requests; and (4) Improper Quality Assurance of Firmware. These vulnerabilities lead to attacks such as Packet Sniffing, Man-in-the-Middle Attacks, Denial of Service, and Brute-Force Dictionary Attacks. The impacts of these attacks were explored as well, such as loss and theft of data, service disruption, and brand reputational risk. Mitigations for these attacks and exploited vulnerabilities include the following: utilizing OpenSSL to provide encryption and authentication of data over the network, implementing cryptography-based APIs in system development, implementing an Access Control List to control authentication, changing default passwords to strong passwords, updating software and firmware to ensure patches are applied, and making use of secure authentication modules that implement hashing algorithms, QR codes, and other authentication values.


Published in

ICCTA '23: Proceedings of the 2023 9th International Conference on Computer Technology Applications
May 2023
270 pages
ISBN: 9781450399579
DOI: 10.1145/3605423

Copyright © 2023 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

• research-article
• Research
• Refereed limited