Abstract
Hidden cameras, also called spy cameras, are surveillance tools commonly used to spy on people without their knowledge. Whilst previous studies largely focused on investigating the detection of such a camera and the privacy implications, the security of the camera itself has received limited attention. Compared with ordinary IP cameras, spy cameras are normally sold in bulk at cheap prices and are ubiquitously deployed in hidden places within homes and workplaces. A security compromise of these cameras can have severe consequences. In this paper, we analyse a generic IP camera module, which has been packaged and re-branded for sale by several spy camera vendors. The module is controlled by mobile phone apps available on iOS and Android. By analysing the Android app and the traffic data, we reverse-engineered the security design of the whole system, including the module’s Linux OS environment, the file structure, the authentication mechanism, the session management, and the communication with a remote server. Serious vulnerabilities have been identified in every component. Combined together, these vulnerabilities allow an adversary to take complete control of a spy camera from anywhere over the Internet, enabling arbitrary code execution. This is possible even if the camera is behind a firewall. All that an adversary needs to launch an attack is the camera’s serial number, which users sometimes unknowingly share in online reviews. We responsibly disclosed our findings to the manufacturer. Whilst the manufacturer acknowledged our work, they showed no intention to fix the problems. Patching or recalling the affected cameras is infeasible due to complexities in the supply chain. However, it is prudent to assume that bad actors have already been exploiting these flaws. We provide details of the identified vulnerabilities in order to raise public awareness, especially on the grave danger of disclosing a spy camera’s serial number.
Notes
1. In some newer devices, this is stored in /etc/config/.devpsd.
2. We note that these hashes are unrelated to the device password used by the app to authenticate users. They are instead part of the internal Linux environment.
Acknowledgements
The second author is supported by Royal Society (ICA\R1\180226) and EPSRC (EP/T014784/1).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Herodotou, S., Hao, F. (2023). Spying on the Spy: Security Analysis of Hidden Cameras. In: Li, S., Manulis, M., Miyaji, A. (eds) Network and System Security. NSS 2023. Lecture Notes in Computer Science, vol 13983. Springer, Cham. https://doi.org/10.1007/978-3-031-39828-5_19
DOI: https://doi.org/10.1007/978-3-031-39828-5_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-39827-8
Online ISBN: 978-3-031-39828-5
eBook Packages: Computer Science, Computer Science (R0)