Jinke Song,Qiang Li,Haining Wang,Limin Sun

DOI: https://doi.org/10.1145/3379471

2020-01-01

Proceedings of the ACM on Measurement and Analysis of Computing Systems

Abstract:Given the central role of webcams in monitoring physical surroundings, it behooves the research community to understand the characteristics of webcams' distribution and their privacy/security implications. In this paper, we conduct the first systematic study on live webcams from both aggregation sites and individual webcams (webpages/IP hosts). We propose a series of efficient, automated techniques for detecting and fingerprinting live webcams. In particular, we leverage distributed algorithms to detect aggregation sites and generate webcam fingerprints by utilizing the Graphical User Interface (GUI) of the built-in web server of a device. Overall, we observe 0.85 million webpages from aggregation sites hosting live webcams and 2.2 million live webcams in the public IPv4 space. Our study reveals that aggregation sites have a typical long-tail distribution in hosting live streams (5.8% of sites contain 90.44% of live streaming contents), and 85.4% of aggregation websites scrape webcams from others. Further, we observe that (1) 277,239 webcams from aggregation sites and IP hosts (11.7%) directly expose live streams to the public, (2) aggregation sites expose 187,897 geolocation names and more detailed 23,083 longitude/latitude pairs of webcams, (3) the default usernames and passwords of 38,942 webcams are visible on aggregation sites in plaintext, and (4) 1,237 webcams are detected as having been compromised to conduct malicious behaviors.

Yushi Cheng,Xiaoyu Ji,Tianyang Lu,Wenyuan Xu

DOI: https://doi.org/10.1109/tmc.2019.2900919

IF: 6.075

2019-01-01

IEEE Transactions on Mobile Computing

Abstract:Wireless cameras are widely deployed in surveillance systems for security guarding. However, the privacy concerns associated with unauthorized videotaping, are drawing increasing attention recently. Existing detection methods for unauthorized wireless cameras are either limited by their detection accuracy or requiring dedicated devices. In this paper, we propose DeWiCam, a lightweight and effective detection mechanism using smartphones. The basic idea of DeWiCam is to utilize the intrinsic traffic patterns of flows from wireless cameras. Compared with traditional traffic pattern analysis, DeWiCam is more challenging because it cannot access the encrypted information in the data packets. Yet, DeWiCam overcomes the difficulty and can detect nearby wireless cameras reliably. To further identify whether a camera is in an interested room, we propose a human-assisted identification model. Extension functions of DeWiCam further enable the video resolution and audio channel inference to provide extra protection. We implemented DeWiCam on the Android platform and evaluated it with extensive experiments on 20 cameras. The evaluation results show that DeWiCam can detect cameras with an accuracy of 99 percent within $2.7\;\mathrm {s}$2.7s.

Yan Long,Qinhong Jiang,Chen Yan,Tobias Alam,Xiaoyu Ji,Wenyuan Xu,Kevin Fu

DOI: https://doi.org/10.14722/ndss.2024.24552

2024-01-01

Abstract:IoT devices and other embedded systems are increasingly equipped with cameras that can sense critical information in private spaces.The data security of these cameras, however, has hardly been scrutinized from the hardware design perspective.Our paper presents the first attempt to analyze the attack surface of physical-channel eavesdropping on embedded cameras.We characterize EM Eye-a vulnerability in the digital image data transmission interface that allows adversaries to reconstruct high-quality image streams from the cameras' unintentional electromagnetic emissions, even from over 2 meters away in many cases.Our evaluations of 4 popular IoT camera development platforms and 12 commercial off-the-shelf devices with cameras show that EM Eye poses threats to a wide range of devices, from smartphones to dash cams and home security cameras.By exploiting this vulnerability, adversaries may be able to visually spy on private activities in an enclosed room from the other side of a wall.We provide root cause analysis and modeling that enable system defenders to identify and simulate mitigation against this vulnerability, such as improving embedded cameras' data transmission protocols with minimum costs.We further discuss EM Eye's relationship with known computer display eavesdropping attacks to reveal the gaps that need to be addressed to protect the data confidentiality of sensing systems.

Baiyang Li,Yujia Zhu,Qingyun Liu,Zhou,Li Guo

DOI: https://doi.org/10.1109/icc.2019.8761517

2019-01-01

Abstract:Nowadays, the rapid growth of cloud computing and IoT enabled services among multiple organizations brings both promising prospects and security & privacy challenges. IP cameras have become a top target for hackers because of their relatively high computing power and throughput. To understand the risks of these threats requires learning about IP cameras-where are they, how many are there? Active scanning is considered to be an effective way, like SHODAN. However, deployment of smart cameras in the network address translation (NAT) environments with dynamic locations is usually desired. To find these Invisible Cameras, CamHunter: (i) introduces three statements of smart cameras when they are online, (ii) concludes the most popular smart cameras in China have very similar communication patterns, (iii) proposes a model to detect smart cameras in a passive way constructed by nineteen feature sets, and (iv) raises alarms for IoT manufacturers. Our real-world experiments demonstrate the effectiveness of CamHunter in finding smart cameras even if they are behind NATs and using encrypted connections like SSL/TLS or private protocols. We argue that CamHunter represents an important view of IoT security and privacy, and it can guide the effort of designing and protecting smart cameras.

Jiongyu Dai,Qiang Li,Haining Wang,Lingjia Liu

DOI: https://doi.org/10.1016/j.knosys.2023.111226

IF: 8.139

2024-01-01

Knowledge-Based Systems

Abstract:Closed-circuit television (CCTV) systems and surveillance devices have been widely used for monitoring the real world (e.g., streets, lanes, buildings). Illumination of the nature of surveillance devices’ images can help in deterring criminal activity and provide insights for improving the infrastructure safety of CCTV systems. However, millions of outdated surveillance devices are still in use today, which suffer noise, the field of view, low-light conditions, and low visual quality. In this work, we conduct a large-scale empirical study of images of surveillance devices in the wild. For data collection, we deploy a web crawler to gather webcam images in the wild covering 100 websites that distribute the live streams to the public, such as a plaza and an industrial area. To enhance the low-light quality of images, we propose a new framework called ImCam for enhancing the quality of webcam images in the wild, including the retinex model and generative adversarial network (GAN). We develop a prototype of ImCam and evaluate its effectiveness over three classification systems, AlexNet, ResNet, and Vision Transformer (ViT), and Machine Learning as a Service (MLaaS) in three cloud service providers (Azure, Baidu, and Tencent). Our results show that ImCam is capable of improving low-light images for CCTV systems, making them acceptable in practice. Finally, leveraging 203,786 live streams and our ImCam, we conduct an analysis of webcam images in the wild and shed light on the nature of security usage for CCTV systems.

Shane S. Clark,Hossen A. Mustafa,Benjamin Ransford,Jacob Sorber,Kevin Fu,Wenyuan Xu

DOI: https://doi.org/10.1007/978-3-642-40203-6_39

2013-01-01

Abstract:Computers plugged into power outlets leak identifiable information by drawing variable amounts of power when performing different tasks. This work examines the extent to which this side channel leaks private information about web browsing to an observer taking measurements at the power outlet. Using direct measurements of AC power consumption with an instrumented outlet, we construct a classifier that correctly identifies unlabeled power traces of webpage activity from a set of 51 candidates with 99% precision and 99% recall. The classifier rejects samples of 441 pages outside the corpus with a false-positive rate of less than 2%. It is also robust to a number of variations in webpage loading conditions, including encryption. When trained on power traces from two computers loading the same webpage, the classifier correctly labels further traces of that webpage from either computer. We identify several reasons for this consistently recognizable power consumption, including system calls, and propose countermeasures to limit the leakage of private information. Characterizing the AC power side channel may help lead to practical countermeasures that protect user privacy from an untrustworthy power infrastructure. © 2013 Springer-Verlag.

Ryan Dailey,Aniesh Chawla,Andrew Liu,Sripath Mishra,Ling Zhang,Josh Majors,Yung-Hsiang Lu,George K. Thiruvathukal

DOI: https://doi.org/10.48550/arXiv.2103.12286

2021-03-23

Information Retrieval

Abstract:Reduction in the cost of Network Cameras along with a rise in connectivity enables entities all around the world to deploy vast arrays of camera networks. Network cameras offer real-time visual data that can be used for studying traffic patterns, emergency response, security, and other applications. Although many sources of Network Camera data are available, collecting the data remains difficult due to variations in programming interface and website structures. Previous solutions rely on manually parsing the target website, taking many hours to complete. We create a general and automated solution for aggregating Network Camera data spread across thousands of uniquely structured web pages. We analyze heterogeneous web page structures and identify common characteristics among 73 sample Network Camera websites (each website has multiple web pages). These characteristics are then used to build an automated camera discovery module that crawls and aggregates Network Camera data. Our system successfully extracts 57,364 Network Cameras from 237,257 unique web pages.

Qiang Li,Xuan Feng,Haining Wang,Limin Sun

DOI: https://doi.org/10.1145/3083187.3084020

2017-01-01

Abstract:Surveillance devices with IP addresses are accessible on the Internet and play a crucial role in monitoring physical worlds. Discovering surveillance devices is a prerequisite for ensuring high availability, reliability, and security of these devices. However, today's device search depends on keywords of packet head fields, and keyword collection is done manually, which requires enormous human efforts and induces inevitable human errors. The difficulty of keeping keywords complete and updated has severely impeded an accurate and large-scale device discovery. To address this problem, we propose to automatically generate device fingerprints based on webpages embedded in surveillance devices. We use natural language processing to extract the content of webpages and machine learning to build a classification model. We achieve real-time and non-intrusive web crawling by leveraging network scanning technology. We implement a prototype of our proposed discovery system and evaluate its effectiveness through real-world experiments. The experimental results show that those automatically generated fingerprints yield very high accuracy of 99% precision and 96% recall. We also deploy the prototype system on Amazon EC2 and search surveillance devices in the whole IPv4 space (nearly 4 billion). The number of devices we found is almost 1.6 million, about twice as many as those using commercial search engines.

Qiang Li,Zhihao Wang,Dawei Tan,Jinke Song,Haining Wang,Limin Sun,Jiqiang Liu

DOI: https://doi.org/10.1109/tnet.2021.3073926

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:IP-based geolocation is essential for various location-aware Internet applications, such as online advertisement, content delivery, and online fraud prevention. Achieving accurate geolocation enormously relies on the number of high-quality (i.e., the fine-grained and stable over time) landmarks. However, the previous efforts of garnering landmarks have been impeded by the limited visible landmarks on the Internet and manual time cost. In this paper, we leverage the availability of numerous online webcams used to monitor physical surroundings as a rich source of promising high-quality landmarks for serving IP-based geolocation. In particular, we present a new framework called GeoCAM, which is designed to automatically generate qualified landmarks from online webcams, providing an IP-based geolocation service with high accuracy and wide coverage. GeoCAM periodically monitors websites hosting live webcams and uses the natural language processing technique to extract the IP addresses and latitude/longitude of webcams for generating landmarks at a large-scale. Given latency and topology constraints among webcam landmarks, GeoCAM uses the maximum likelihood estimation to approximately pinpoint the geolocation of a target host. We develop a prototype of GeoCAM and conduct real-world experiments for validating its efficacy. Our results show that GeoCam can detect 282,902 live webcams hosted in webpages with 94.2% precision and 90.4% recall, and then generate 16,863 stable and fine-grained landmarks, which are two orders of magnitude more than the landmarks used in prior works. To demonstrate the superiority of using large-scale webcams as landmarks, we implement four different geolocation algorithms and compare their performance between webcam landmarks and open-source landmarks. The evaluation results show that all the algorithms can significantly improve geolocation accuracy by using webcam landmarks.

Hong Li,Yunhua He,Limin Sun,Xiuzhen Cheng,Jiguo Yu

DOI: https://doi.org/10.1109/INFOCOM.2016.7524621

2016-01-01

Abstract:Video surveillance has been widely adopted to ensure home security in recent years. Most video encoding standards such as H.264 and MPEG-4 compress the temporal redundancy in a video stream using difference coding, which only encodes the residual image between a frame and its reference frame. Difference coding can efficiently compress a video stream, but it causes side-channel information leakage even though the video stream is encrypted, as reported in this paper. Particularly, we observe that the traffic patterns of an encrypted video stream are different when a user conducts different basic activities of daily living, which must be kept private from third parties as obliged by HIPAA regulations. We also observe that by exploiting this side-channel information leakage, attackers can readily infer a user's basic activities of daily living based on only the traffic size data of an encrypted video stream. We validate such an attack using two off-the-shelf cameras, and the results indicate that the user's basic activities of daily living can be recognized with a high accuracy.

Zhihao Wang,Qiang Li,Jinke Song,Haining Wang,Limin Sun

DOI: https://doi.org/10.1145/3366423.3380216

2020-01-01

Abstract:IP-based geolocation is essential for various location-aware Internet applications, such as online advertisement, content delivery, and online fraud prevention. Achieving accurate geolocation enormously relies on the number of high-quality (i.e., the fine-grained and stable over time) landmarks. However, the previous efforts of garnering landmarks have been impeded by the limited visible landmarks on the Internet and manual time cost. In this paper, we leverage the availability of numerous online webcams that are used to monitor physical surroundings as a rich source of promising high-quality landmarks for serving IP-based geolocation. In particular, we present a new framework called GeoCAM, which is designed to automatically generate qualified landmarks from online webcams, providing IP-based geolocation services with high accuracy and wide coverage. GeoCAM periodically monitors websites that are hosting live webcams and uses the natural language processing technique to extract the IP addresses and latitude/longitude of webcams for generating landmarks at large-scale. We develop a prototype of GeoCAM and conduct real-world experiments for validating its efficacy. Our results show that GeoCam can detect 282,902 live webcams hosted in webpages with 94.2% precision and 90.4% recall, and then generate 16,863 stable and fine-grained landmarks, which are two orders of magnitude more than the landmarks used in prior works. Thus, by correlating a large scale of landmarks, GeoCAM is able to provide a geolocation service with high accuracy and wide coverage.

Xuan Feng,Qiang Li,Qi Han,Hongsong Zhu,Yan Liu,Jie Cui,Limin Sun

DOI: https://doi.org/10.1109/ICCCN.2016.7568486

2016-01-01

Abstract:Nowadays, more and more physical devices embed computing and networking capabilities and are visible on the Internet. These devices include webcams, net-printers, and industrial control equipments, etc. Collecting information about these devices is crucial to preserve cyber-security and facilitate security auditing for system administrators. In this paper, we propose a scalable framework for physical device profiling. It leverages banner grabbing to identify device types and running services, and uses clock skew to determine a device ID. Our framework scales well. We implement a prototype system and use it to profile Webcams and industrial control device. The results show that our system can effectively profile and identify Webcams in real time. We deploy it on the cloud server and use it to detect 4 billion IP addresses to profile 1.2 million Webcams and more than 60 thousand industrial control devices in 20 hours.

Samuel Herodotou,Feng Hao

DOI: https://doi.org/10.48550/arXiv.2306.00610

2023-06-01

Cryptography and Security

Abstract:Hidden cameras, also called spy cameras, are surveillance tools commonly used to spy on people without their knowledge. Whilst previous studies largely focused on investigating the detection of such a camera and the privacy implications, the security of the camera itself has received limited attention. Compared with ordinary IP cameras, spy cameras are normally sold in bulk at cheap prices and are ubiquitously deployed in hidden places within homes and workplaces. A security compromise of these cameras can have severe consequences. In this paper, we analyse a generic IP camera module, which has been packaged and re-branded for sale by several spy camera vendors. The module is controlled by mobile phone apps. By analysing the Android app and the traffic data, we reverse-engineered the security design of the whole system, including the module's Linux OS environment, the file structure, the authentication mechanism, the session management, and the communication with a remote server. Serious vulnerabilities have been identified in every component. Combined together, they allow an adversary to take complete control of a spy camera from anywhere over the Internet, enabling arbitrary code execution. This is possible even if the camera is behind a firewall. All that an adversary needs to launch an attack is the camera's serial number, which users sometimes unknowingly share in online reviews. We responsibly disclosed our findings to the manufacturer. Whilst the manufacturer acknowledged our work, they showed no intention to fix the problems. Patching or recalling the affected cameras is infeasible due to complexities in the supply chain. However, it is prudent to assume that bad actors have already been exploiting these flaws. We provide details of the identified vulnerabilities in order to raise public awareness, especially on the grave danger of disclosing a spy camera's serial number.

Qianyi Huang,Youjing Lu,Zhicheng Luo,Hao Wang,Fan Wu,Guihai Chen,Qian Zhang

DOI: https://doi.org/10.1145/3570504

2023-01-01

ACM Transactions on Sensor Networks

Abstract:Wireless home surveillance cameras are gaining popularity in elderly/baby care and burglary detection in an effort tomake our life safer than ever before. However, even though the camera's traffic is encrypted, attackers can still infer what the residents are doing at home. Although this security loophole has been reported, it does not attract much attention from the public, as it requires the attacker to be in close proximity to the camera and have some prior knowledge about the victims. Due to these requirements, the attacker has a low chance of success in the real world. In this article, we argue that the capability of attackers has been greatly underestimated. First, the attacker can leverage the characteristics of video transport protocols to recover the metadata of missing packets. Second, the attacker can build the inference model using the public datasets and adapt the model to the real traffic. Thus, the attacker can launch the attack at a distance from the camera, without prior knowledge about the victim. We also implement this attack scenario and verify that the attacker can infer the victims' activities at a distance as large as 40 m without any knowledge about the victim, neither personal nor environmental.

Yangyang Gu,Jing Chen,Cong Wu,Kun He,Ziming Zhao,Ruiying Du

DOI: https://doi.org/10.1145/3631432

2023-01-01

Abstract:Unlawful wireless cameras are often hidden to secretly monitor private activities. However, existing methods to detect and localize these cameras are interactively complex or require expensive specialized hardware. In this paper, we present LocCams, an efficient and robust approach for hidden camera detection and localization using only a commodity device (e.g., a smartphone). By analyzing data packets in the wireless local area network, LocCams passively detects hidden cameras based on the packet transmission rate. Camera localization is achieved by identifying whether the physical channel between our detector and the hidden camera is a Line-of-Sight (LOS) propagation path based on the distribution of channel state information subcarriers, and utilizing a feature extraction approach based on a Convolutional Neural Network (CNN) model for reliable localization. Our extensive experiments, involving various subjects, cameras, distances, user positions, and room configurations, demonstrate LocCams' effectiveness. Additionally, to evaluate the performance of the method in real life, we use subjects, cameras, and rooms that do not appear in the training set to evaluate the transferability of the model. With an overall accuracy of 95.12% within 30 seconds of detection, LocCams provides robust detection and localization of hidden cameras.

Ke Li,Hong Li,Hongsong Zhu,Limin Sun,Hui Wen

DOI: https://doi.org/10.1109/IPCCC47392.2019.8958775

2019-01-01

Abstract:Instant Messaging has been widely applied for both corporate use and personal use in recent years. Major Instant Messaging service providers adopt the Push Technology to ensure the immediacy of message forwarding, which efficiently provides a great convenience for user. However, the immediacy feature causes side-channel information leakage even if some protection measures has been implemented, such as information encryption strategy. In particular, we observe that senders' traffic flows have a strong temporal correlation with those of corresponding recipients, since the messages are forwarded to recipients as soon as they are received by servers. Based on the observation, attackers can infer real-time communications between pairwise users and even the social connections of users. In this paper, we present a methodology framework to validate this side-channel information leakage, which identifies users of real-time communications by matching the pairwise time sequences of traffic flows. We evaluate the method on the collected real-world data. The experimental results show that users' communications can be identified with a high accuracy, and 6 groups of users are inferred to have strong connections based on the data collected from a local area networks.

Hyeyoung An,Woojin Park,Soochang Park

DOI: https://doi.org/10.1109/access.2024.3350175

IF: 3.9

2024-01-01

IEEE Access

Abstract:This paper introduces a novel method to detect WiFi-enabled spy cameras potentially invading user privacy via wireless streaming within a user’s vicinity. So far, there have been social initiatives to conduct spy camera inspections to address this issue, and academic societies have been working on various detection methods. However, such studies typically rely on additional specific efforts, such as using specialized equipment to gather channel state information (CSI) or collecting extensive long-term data per location for machine learning approaches. In addition, some ideas could not recognize features of spy camera data due to data encryption. Hence, this paper comes up with a novel scheme for detecting wireless spy cameras based only on off-the-shelf devices. To achieve these functionalities, the proposed scheme consists of three phases: 1) classification, 2) detection, and 3) localization. First, in the classification phase, the collected packet headers are analyzed to identify and classify the upstream streaming protocols. In addition, the proposed scheme fulfills the detection phase that exploits the Nilsimsa algorithm to analyze packet similarity, identifying potential spy cameras by detecting consistent high similarity patterns in the classified data traffic. Finally, the proposed approach provides the localization phase that captures and analyzes Received Signal Strength Indication (RSSI) values at the target location and spots the camera position. Unlike existing methods, the proposed scheme does not rely on extensive data collection per location and complex mechanisms to interpret encrypted data. Moreover, compared to machine learning (ML)-based positioning means, which require significant data sets and long-term computation time, the scheme achieves real-time detection with minimal computational demands.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yan Long,Chen Yan,Shilin Xiao,Shivan Prasad,Wenyuan Xu,Kevin Fu

DOI: https://doi.org/10.1109/SP46215.2023.00050

2023-01-16

Abstract:Using mathematical modeling and human subjects experiments, this research explores the extent to which emerging webcams might leak recognizable textual and graphical information gleaming from eyeglass reflections captured by webcams. The primary goal of our work is to measure, compute, and predict the factors, limits, and thresholds of recognizability as webcam technology evolves in the future. Our work explores and characterizes the viable threat models based on optical attacks using multi-frame super resolution techniques on sequences of video frames. Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75% accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam. We further apply this threat model to web textual contents with varying attacker capabilities to find thresholds at which text becomes recognizable. Our user study with 20 participants suggests present-day 720p webcams are sufficient for adversaries to reconstruct textual content on big-font websites. Our models further show that the evolution towards 4K cameras will tip the threshold of text leakage to reconstruction of most header texts on popular websites. Besides textual targets, a case study on recognizing a closed-world dataset of Alexa top 100 websites with 720p webcams shows a maximum recognition accuracy of 94% with 10 participants even without using machine-learning models. Our research proposes near-term mitigations including a software prototype that users can use to blur the eyeglass areas of their video streams. For possible long-term defenses, we advocate an individual reflection testing procedure to assess threats under various settings, and justify the importance of following the principle of least privilege for privacy-sensitive scenarios.

Cryptography and Security,Computer Vision and Pattern Recognition

Yushi Cheng,Xiaoyu Ji,Xinyan Zhou,Wenyuan Xu

DOI: https://doi.org/10.1109/ICPADS.2017.00106

2017-01-01

Abstract:Wireless cameras are widely deployed in homes and offices for security guarding, and play as an important part of smart home devices. Those security cameras, which are supposed to provide protection services, however, may in turn leak personal privacy that can result in security issues. In this paper, we reveal that attackers are able to eavesdrop the traffic of wireless cameras and analyze whether you are at home or not without entering the house. We propose HomeSpy, an attack tool that infers the house status by inspecting the bitrate variation of the wireless camera traffic. We implement Home Spy on the Android platform and validate it on 3 cameras. The evaluation results show that HomeSpy can achieve a successful attack rate of 97.2%.

Yushi Cheng,Xiaoyu Ji,Tianyang Lu,Wenyuan Xu

DOI: https://doi.org/10.1145/3196494.3196509

2018-01-01

Abstract:Wireless cameras are widely deployed in surveillance systems for security guarding. However, the privacy concerns associated with unauthorized videotaping, are drawing an increasing attention recently. Existing detection methods for unauthorized wireless cameras are either limited by their detection accuracy or requiring dedicated devices. In this paper, we propose DeWiCam, a lightweight and effective detection mechanism using smartphones. The basic idea of DeWiCam is to utilize the intrinsic traffic patterns of flows from wireless cameras. Compared with traditional traffic pattern analysis, DeWiCam is more challenging because it cannot access the encrypted information in the data packets. Yet, DeWiCam overcomes the difficulty and can detect nearby wireless cameras reliably. To further identify whether a camera is in an interested room, we propose a human-assisted identification model. We implement DeWiCam on the Android platform and evaluate it with extensive experiments on 20 cameras. The evaluation results show that DeWiCam can detect cameras with an accuracy of 99% within 2.7 s.