Yushi Cheng,Xiaoyu Ji,Tianyang Lu,Wenyuan Xu

DOI: https://doi.org/10.1109/tmc.2019.2900919

IF: 6.075

2019-01-01

IEEE Transactions on Mobile Computing

Abstract:Wireless cameras are widely deployed in surveillance systems for security guarding. However, the privacy concerns associated with unauthorized videotaping, are drawing increasing attention recently. Existing detection methods for unauthorized wireless cameras are either limited by their detection accuracy or requiring dedicated devices. In this paper, we propose DeWiCam, a lightweight and effective detection mechanism using smartphones. The basic idea of DeWiCam is to utilize the intrinsic traffic patterns of flows from wireless cameras. Compared with traditional traffic pattern analysis, DeWiCam is more challenging because it cannot access the encrypted information in the data packets. Yet, DeWiCam overcomes the difficulty and can detect nearby wireless cameras reliably. To further identify whether a camera is in an interested room, we propose a human-assisted identification model. Extension functions of DeWiCam further enable the video resolution and audio channel inference to provide extra protection. We implemented DeWiCam on the Android platform and evaluated it with extensive experiments on 20 cameras. The evaluation results show that DeWiCam can detect cameras with an accuracy of 99 percent within $2.7\;\mathrm {s}$2.7s.

Yushi Cheng,Xiaoyu Ji,Xinyan Zhou,Wenyuan Xu

DOI: https://doi.org/10.1109/ICPADS.2017.00106

2017-01-01

Abstract:Wireless cameras are widely deployed in homes and offices for security guarding, and play as an important part of smart home devices. Those security cameras, which are supposed to provide protection services, however, may in turn leak personal privacy that can result in security issues. In this paper, we reveal that attackers are able to eavesdrop the traffic of wireless cameras and analyze whether you are at home or not without entering the house. We propose HomeSpy, an attack tool that infers the house status by inspecting the bitrate variation of the wireless camera traffic. We implement Home Spy on the Android platform and validate it on 3 cameras. The evaluation results show that HomeSpy can achieve a successful attack rate of 97.2%.

Xiaoyu Ji,Yushi Cheng,Wenyuan Xu,Xinyan Zhou

DOI: https://doi.org/10.1155/2018/3980371

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Wireless cameras are widely deployed in smart homes for security guarding, baby monitoring, fall detection, and so on. Those security cameras, which are supposed to protect users, however, may in turn leak a user’s personal privacy. In this paper, we reveal that attackers are able to infer whether users are at home or not, that is, the user presence, by eavesdropping the traffic of wireless cameras from distance. We propose HomeSpy, a system that infers user presence by inspecting the intrinsic pattern of the wireless camera traffic. To infer the user presence, HomeSpy first eavesdrops the wireless traffic around the target house and detects the existence of wireless cameras with a Long Short-Term Memory (LSTM) network. Then, HomeSpy infers the user presence using the bitrate variation of the wireless camera traffic based on a cumulative sum control chart (CUSUM) algorithm. We implement HomeSpy on the Android platform and validate it on 20 cameras. The evaluation results show that HomeSpy can achieve a successful attack rate of 97.2%.

Yan Long,Qinhong Jiang,Chen Yan,Tobias Alam,Xiaoyu Ji,Wenyuan Xu,Kevin Fu

DOI: https://doi.org/10.14722/ndss.2024.24552

2024-01-01

Abstract:IoT devices and other embedded systems are increasingly equipped with cameras that can sense critical information in private spaces.The data security of these cameras, however, has hardly been scrutinized from the hardware design perspective.Our paper presents the first attempt to analyze the attack surface of physical-channel eavesdropping on embedded cameras.We characterize EM Eye-a vulnerability in the digital image data transmission interface that allows adversaries to reconstruct high-quality image streams from the cameras' unintentional electromagnetic emissions, even from over 2 meters away in many cases.Our evaluations of 4 popular IoT camera development platforms and 12 commercial off-the-shelf devices with cameras show that EM Eye poses threats to a wide range of devices, from smartphones to dash cams and home security cameras.By exploiting this vulnerability, adversaries may be able to visually spy on private activities in an enclosed room from the other side of a wall.We provide root cause analysis and modeling that enable system defenders to identify and simulate mitigation against this vulnerability, such as improving embedded cameras' data transmission protocols with minimum costs.We further discuss EM Eye's relationship with known computer display eavesdropping attacks to reveal the gaps that need to be addressed to protect the data confidentiality of sensing systems.

Hong Li,Yunhua He,Limin Sun,Xiuzhen Cheng,Jiguo Yu

DOI: https://doi.org/10.1109/INFOCOM.2016.7524621

2016-01-01

Abstract:Video surveillance has been widely adopted to ensure home security in recent years. Most video encoding standards such as H.264 and MPEG-4 compress the temporal redundancy in a video stream using difference coding, which only encodes the residual image between a frame and its reference frame. Difference coding can efficiently compress a video stream, but it causes side-channel information leakage even though the video stream is encrypted, as reported in this paper. Particularly, we observe that the traffic patterns of an encrypted video stream are different when a user conducts different basic activities of daily living, which must be kept private from third parties as obliged by HIPAA regulations. We also observe that by exploiting this side-channel information leakage, attackers can readily infer a user's basic activities of daily living based on only the traffic size data of an encrypted video stream. We validate such an attack using two off-the-shelf cameras, and the results indicate that the user's basic activities of daily living can be recognized with a high accuracy.

Qinhong Jiang,Xiaoyu Ji,Chen Yan,Zhixin Xie,Haina Lou,Wenyuan Xu

2023-01-01

Abstract:Cameras have evolved into one of the most critical gadgets in various applications. In this paper, we identify a new class of vulnerabilities involving the hitherto disregarded image signal transmission phase and explain the underlying principles of camera glitches for the first time. Based on the vulnerabilities, we design the GlitchHiker attack that can actively induce controlled glitch images of a camera at various positions, widths, and numbers using intentional electromagnetic interference (IEMI). We successfully launch the GlitchHiker attack on 8 off-the-shelf camera systems in 5 categories in their original packages at a distance of up to 30 cm. Experiments with 2 case studies involving 4 object detectors and 2 face detectors show that injecting one ribboning suffices to hide, create or alter objects and persons with a maximum success rate of 98.5% and 80.4%, respectively. Then, we discuss real-world attack scenarios and perform preliminary investigations on the feasibility of targeted attacks. Finally, we propose hardware- and software-based countermeasures.

Hyeyoung An,Woojin Park,Soochang Park

DOI: https://doi.org/10.1109/access.2024.3350175

IF: 3.9

2024-01-01

IEEE Access

Abstract:This paper introduces a novel method to detect WiFi-enabled spy cameras potentially invading user privacy via wireless streaming within a user’s vicinity. So far, there have been social initiatives to conduct spy camera inspections to address this issue, and academic societies have been working on various detection methods. However, such studies typically rely on additional specific efforts, such as using specialized equipment to gather channel state information (CSI) or collecting extensive long-term data per location for machine learning approaches. In addition, some ideas could not recognize features of spy camera data due to data encryption. Hence, this paper comes up with a novel scheme for detecting wireless spy cameras based only on off-the-shelf devices. To achieve these functionalities, the proposed scheme consists of three phases: 1) classification, 2) detection, and 3) localization. First, in the classification phase, the collected packet headers are analyzed to identify and classify the upstream streaming protocols. In addition, the proposed scheme fulfills the detection phase that exploits the Nilsimsa algorithm to analyze packet similarity, identifying potential spy cameras by detecting consistent high similarity patterns in the classified data traffic. Finally, the proposed approach provides the localization phase that captures and analyzes Received Signal Strength Indication (RSSI) values at the target location and spots the camera position. Unlike existing methods, the proposed scheme does not rely on extensive data collection per location and complex mechanisms to interpret encrypted data. Moreover, compared to machine learning (ML)-based positioning means, which require significant data sets and long-term computation time, the scheme achieves real-time detection with minimal computational demands.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fang Qi,Yingkai Zhao,Md Zakirul Alam Bhuiyan,Tao Hai,Monirul Islam,Shaobo Zhang,Zhe Tang

DOI: https://doi.org/10.1002/cpe.7313

2023-01-01

Abstract:Nowadays, wireless radio signals are ubiquitous and are around us; some signals pass through us, and some reflect off us. Substantial advancements in recent years demonstrate that such signals are utilized for diverse emerging applications, including people activity, motion watches, healthcare, and so forth. A few questions would be that may raise severe concerns in future cybersecurity and private domains. For example, what if Wi-Fi signals are utilized to watch a person doings and actions, which are mostly without the person's authorization and authentication. How far such signal utilization can attack privacy intrusively, silently, more particularly, what/where we do, say, command, see, write, draw, go, perform, everything can be known. In this article, we investigate watching human activities by leveraging Wi-Fi signals and discuss a few application prototypes. We attempt to learn whether or not attackers have the ability to passively watch our Internet activity as well as physical activities and motions through Wi-Fi. With all-new advances, one must be aware that cyberattackers may apply unauthorized use of these advances to their benefit. We discuss some of the countermeasures and approaches to mitigate these risks with Wi-Fi signal leveraging.

Xiaomeng Yu,Yanyong Zhang,Xiang-Yang Li,Xing Guo

DOI: https://doi.org/10.1109/bigcom53800.2021.00033

2021-01-01

Abstract:The sensor network is widely used in the Internet of Things environment to create a more intelligent and convenient life, sensors closely monitor and get information from the living environment, smart home devices respond to user instructions to provide services. The constant interaction data with the cloud server, however, is unwittingly exposing user privacy to danger. This paper attacks a variety of smart home devices and sensors through traffic analysis, proving that encrypted data has the risk of revealing user privacy in the wireless environment, even if the packet content is not obtained, the state of a single IoT device can be analyzed through the number and shape of packets. Also, considering the user behavior may lead to responses from multiple devices in the environment, so that more elaborate information can be further deduced through the analysis of the combination of multiple equipment states. Based on the attack on single devices, we carried out a joint attack on multiple devices using state sequence diagrams of all devices in the smart home. The experiments prove that the traffic patterns of IoT devices do leak private information of users, we provide the corresponding solution of traffic shaping to defend against such attack.

Peng Zhang,Tony Thomas,Sabu Emmanuel,Mohan S. Kankanhalli

DOI: https://doi.org/10.1145/1877972.1877983

2010-01-01

Abstract:Video surveillance has become a ubiquitous feature of the modern day life. However, the widespread use of video surveillance has raised concerns about the privacy of people. In this paper, we propose a novel video surveillance with a privacy preserving mechanism. We achieve this by combining the techniques of pedestrian tracking based on a Markov chain with two hidden states, elliptical head contour detection and encryption. The detected pedestrian face/head is obscured by encrypting with a unique key derived from a master key for the privacy preservation purpose. The surveillance video can be viewed with complete privacy or by revoking the privacy of any subset of pedestrians while ensuring complete privacy of the remaining pedestrians.The performance evaluation on many challenging surveillance scenarios shows that the proposed mechanism can effectively and robustly track multiple pedestrians and obscure their faces/head in real time.

Shaojie Tang,Xiang-Yang Li,Haitao Zhang,Jiankang Han,Guojun Dai,Cheng Wang,Xingfa Shen

DOI: https://doi.org/10.1109/rtss.2011.37

2011-01-01

Abstract:We present TelosCAM, a networking system that integrates wireless module nodes (such as TelosB nodes) with legacy surveillance cameras to provide storage-efficient and privacy-aware services of accurate, real time tracking and identifying of the burglar who stole the property. In our system, a property owner will have a wireless module node (called secondary module) attached to the property that s/he wants to protect. The secondary wireless module node will not store any personal information about the owner, nor any specific information about the property to be protected. Each user of the system will also have a unique wireless module node (called primary module) that contains some security information about the user, thus should be privately held by the user and be kept to the user always. Once a tracking process is triggered in privacy preserving manner, the secondary module will start sending out the alarm signal periodically. The alarm signal will be captured by some surveillance wireless module, integrated with existing surveillance cameras. Using the trajectory information provided by the secondary wireless module node, and the videos captured by the surveillance cameras, our system will then automatically pinpoint a burglar (e.g., a person or a car) that is more likely to carry the stolen property. Our extensive evaluation of the system shows that we can find the burglars with surprisingly high accuracy under various experiment settings, with significantly reduced storage-requirement of the legacy video surveillance system. It also can help the police to catch the burglars more efficiently by providing critical images or videos containing the burglars.

Qingshui Xue,Haozhi Zhu,Xingzhong Ju,Haojin Zhu,Fengying Li,Xiangwei Zheng,Baochuan Zuo

DOI: https://doi.org/10.1007/978-3-030-22971-9_6

2019-01-01

Abstract:The Internet of things is a new technological revolution following the computer and Internet. It aims to connect all physical objects existing in the world and forms a network with everything. In recent years, smart home gradually enters into our life. Smart home uses the Internet of things technology to connect all kinds of devices in the home, to achieve a smart home environment. Although the development of smart home has brought a qualitative leap to people’s life, there are many problems in security. Privacy security is one of the challenges to the smart home environment. Attackers can intrude various smart devices in the smart home environment, to achieve the purpose of stealing users’ personal information and privacy. Among these devices, smart cameras are the most intruded frequently. Since many cameras are installed in users’ homes to achieve real-time monitoring of the environment, but the existence of these cameras provides a channel to get information for attackers. In recent years, the leak of video privacy is emerging in an endless stream. According to the researches about privacy protection, this paper proposes a new scheme to selectively encrypt the video captured by the cameras through machine learning technology, so as to protect the personal privacy of users and improve the security of the smart home environment.

Samuel Herodotou,Feng Hao

DOI: https://doi.org/10.48550/arXiv.2306.00610

2023-06-01

Cryptography and Security

Abstract:Hidden cameras, also called spy cameras, are surveillance tools commonly used to spy on people without their knowledge. Whilst previous studies largely focused on investigating the detection of such a camera and the privacy implications, the security of the camera itself has received limited attention. Compared with ordinary IP cameras, spy cameras are normally sold in bulk at cheap prices and are ubiquitously deployed in hidden places within homes and workplaces. A security compromise of these cameras can have severe consequences. In this paper, we analyse a generic IP camera module, which has been packaged and re-branded for sale by several spy camera vendors. The module is controlled by mobile phone apps. By analysing the Android app and the traffic data, we reverse-engineered the security design of the whole system, including the module's Linux OS environment, the file structure, the authentication mechanism, the session management, and the communication with a remote server. Serious vulnerabilities have been identified in every component. Combined together, they allow an adversary to take complete control of a spy camera from anywhere over the Internet, enabling arbitrary code execution. This is possible even if the camera is behind a firewall. All that an adversary needs to launch an attack is the camera's serial number, which users sometimes unknowingly share in online reviews. We responsibly disclosed our findings to the manufacturer. Whilst the manufacturer acknowledged our work, they showed no intention to fix the problems. Patching or recalling the affected cameras is infeasible due to complexities in the supply chain. However, it is prudent to assume that bad actors have already been exploiting these flaws. We provide details of the identified vulnerabilities in order to raise public awareness, especially on the grave danger of disclosing a spy camera's serial number.

Zhiqiang Wang,Jiahui Hou,Guangyu Wu,Suyuan Liu,Puhan Luo,Xiangyang Li

DOI: https://doi.org/10.1145/3625825

2024-01-01

ACM Transactions on Sensor Networks

Abstract:As one of the most commonly used AIoT sensors, smart cameras and their supporting services, namely cloud video surveillance (CVS) systems have brought great convenience to people’s lives. Recent CVS providers use different machine learning (ML) techniques to improve their services (regarded as tasks) based on the uploaded video. However, uploading data to the CVS providers may cause severe privacy issues. Existing works that remove privacy information could not achieve a high trade-off between data usability and privacy because the importance of information varies with the task. In addition, it is challenging to design a real-time privacy protection mechanism, especially in resource-constraint smart cameras. In this work, we design a task-driven and efficient video privacy protection mechanism for a better trade-off between privacy and data usability. We use Class Activation Mapping to protect privacy while preserving data usability. To improve the efficiency, we utilize the motion vector and residual matrix produced during video codec. Our work outperforms the ROI-based methods in data protection while preserving data usability. The attack accuracy drops 70%, while the task accuracy is comparable to those without protection (within ± 4%). The average protection frame rate of the High Definition video can exceed 16 fps+ even on a CPU.

Quanlong Zhu,Chao Yang,Yu Zheng,Jianfeng Ma,Hui Li,Junwei Zhang,Jiajie Shao

DOI: https://doi.org/10.1049/ise2.12015

2021-01-01

IET Information Security

Abstract:With the rapid development of the IoT, smart home plays an increasingly important role in daily life. At the same time, privacy issues have gradually aroused the concern of researchers. Past research proves that there are privacy risks when people use smart home devices and some protection methods are proposed to protect people's privacy. However, attackers can still infer people's behaviour and activities through analysing the wireless traffic of smart home devices. Herein, an attack method under complicated WiFi scenarios is demonstrated, including different locations, different buildings and different networks. In addition, a new protection method, Air-Padding, is developed, which can change the traffic patterns of smart home devices through injecting constructed packets into the link between devices and routers. The results prove that Air-Padding can prevent people's behaviour and activities from being analysed and inferred.

Yohan Beugin,Quinn Burke,Blaine Hoak,Ryan Sheatsley,Eric Pauley,Gang Tan,Syed Rafiul Hussain,Patrick McDaniel

DOI: https://doi.org/10.2478/popets-2022-0034

2022-03-03

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Millions of consumers depend on smart camera systems to remotely monitor their homes and businesses. However, the architecture and design of popular commercial systems require users to relinquish control of their data to untrusted third parties, such as service providers (e.g., the cloud). Third parties therefore can (and in some instances have) access the video footage without the users’ knowledge or consent—violating the core tenet of user privacy. In this paper, we present CaCTUs , a privacy-preserving smart Camera system Controlled Totally by Users. CaCTUs returns control to the user ; the root of trust begins with the user and is maintained through a series of cryptographic protocols, designed to support popular features, such as sharing, deleting, and viewing videos live. We show that the system can support live streaming with a latency of 2 s at a frame rate of 10 fps and a resolution of 480 p. In so doing, we demonstrate that it is feasible to implement a performant smart-camera system that leverages the convenience of a cloud-based model while retaining the ability to control access to (private) data.

English Else

Peng Zhang,Tony Thomas,Sabu Emmanuel

DOI: https://doi.org/10.1007/s00530-011-0247-8

IF: 3.9

2011-01-01

Multimedia Systems

Abstract:Nowadays video surveillance systems are widely deployed in many public places. However, the widespread use of video surveillance violates the privacy rights of the people. Many authors have addressed the privacy issues from various points of view. In this paper we propose a novel, on-demand selectively revocable, privacy preserving mechanism. The surveillance video can be tuned to view with complete privacy or by revoking the privacy of any subset of pedestrians while ensuring complete privacy to the remaining pedestrians. We achieve this by tracking the pedestrians using a novel Markov chain algorithm with two hidden states, detecting the head contour of the tracked pedestrians and obscuring their faces using an encryption mechanism. The detected pedestrian face/head is obscured by encrypting with a unique key derived from a master key for the privacy preservation purpose. The performance evaluations on many challenging surveillance scenarios show that the proposed mechanism can effectively and robustly track as well as identify multiple pedestrians and obscure/unobscure their faces/head in real time.

Abbas Acar,Hossein Fereidooni,Tigist Abera,Amit Kumar Sikder,Markus Miettinen,Hidayet Aksu,Mauro Conti,Ahmad-Reza Sadeghi,Selcuk Uluagac

DOI: https://doi.org/10.1145/3395351.3399421

2020-05-14

Abstract:A myriad of IoT devices such as bulbs, switches, speakers in a smart home environment allow users to easily control the physical world around them and facilitate their living styles through the sensors already embedded in these devices. Sensor data contains a lot of sensitive information about the user and devices. However, an attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information from the encrypted payload (i.e., sensor data) about the users and their activities, invading user privacy. With this in mind,in this work, we introduce a novel multi-stage privacy attack against user privacy in a smart environment. It is realized utilizing state-of-the-art machine-learning approaches for detecting and identifying the types of IoT devices, their states, and ongoing user activities in a cascading style by only passively sniffing the network traffic from smart home devices and sensors. The attack effectively works on both encrypted and unencrypted communications. We evaluate the efficiency of the attack with real measurements from an extensive set of popular off-the-shelf smart home IoT devices utilizing a set of diverse network protocols like WiFi, ZigBee, and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90%) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the device states and demonstrate that it provides better protection than existing solutions.

Cryptography and Security

Yushi Cheng,Xiaoyu Ji,Tianyang Lu,Wenyuan Xu

DOI: https://doi.org/10.1145/3196494.3196509

2018-01-01

Abstract:Wireless cameras are widely deployed in surveillance systems for security guarding. However, the privacy concerns associated with unauthorized videotaping, are drawing an increasing attention recently. Existing detection methods for unauthorized wireless cameras are either limited by their detection accuracy or requiring dedicated devices. In this paper, we propose DeWiCam, a lightweight and effective detection mechanism using smartphones. The basic idea of DeWiCam is to utilize the intrinsic traffic patterns of flows from wireless cameras. Compared with traditional traffic pattern analysis, DeWiCam is more challenging because it cannot access the encrypted information in the data packets. Yet, DeWiCam overcomes the difficulty and can detect nearby wireless cameras reliably. To further identify whether a camera is in an interested room, we propose a human-assisted identification model. We implement DeWiCam on the Android platform and evaluate it with extensive experiments on 20 cameras. The evaluation results show that DeWiCam can detect cameras with an accuracy of 99% within 2.7 s.

Jie Xu,Lingjie Duan,Rui Zhang

DOI: https://doi.org/10.48550/arXiv.1612.07859

2016-12-23

Abstract:Conventional wireless security assumes wireless communications are rightful and aims to protect them against malicious eavesdropping and jamming attacks. However, emerging infrastructure-free mobile communication networks are likely to be illegally used (e.g., by criminals or terrorists) but difficult to be monitored, thus imposing new challenges on the public security. To tackle this issue, this article presents a paradigm shift of wireless security to the surveillance and intervention of infrastructure-free suspicious and malicious wireless communications, by exploiting legitimate eavesdropping and jamming jointly. In particular, {\emph{proactive eavesdropping}} (via jamming) is proposed to intercept and decode information from suspicious communication links for the purpose of inferring their intentions and deciding further measures against them. {\emph{Cognitive jamming}} (via eavesdropping) is also proposed so as to disrupt, disable, and even spoof the targeted malicious wireless communications to achieve various intervention tasks.

Information Theory,Cryptography and Security