|
|
|
Nowadays, the rapid growth of cloud computing and IoT enabled services among multiple organizations bring both promising prospects and security & privacy challenges. IP cameras have become a top target for hackers because of their relatively high computing power and good internet traffic throughput. To understand the risks of these threats requires learning about IP cameras–where are they, how many are there? Active scanning is considered to be an effective way, like SHODAN. However, deployment of smart cameras in the network address translation (NAT) environments with dynamic locations is usually desired. To find these Invisible Cameras, CAMHUNTER: (i) introduces three statements of smart cameras when they are online, (ii) concludes the most popular smart cameras in China have very similar communication patterns, (iii) proposes a model to detect smart cameras in a passive way constructed by nineteen feature sets, and (iv) raises the alarms for the IoT manufacturers. Our real-world experiments demonstrate the effectiveness of CAMHUNTER on finding smart cameras even if they are NAT-behind and using encrypted connections like TLS or private protocol. We argue that CAMHUNTER represents an important view of IoT security and privacy, and it can guide the effort of designing and protecting smart cameras.
|