Standard PCs are protected well because users continuously interact with them. On the
other hand, IP cameras suer from a lack of supervision. Therefore, their “invisibility”
allows for hackers to silently hack them.
Since IP cameras are quick, 24/7 connected, and use high bandwidth to process the image
and video data, thus they especially singled out for DDoS attacks by cybercriminals.
How Are IP Cameras Attacked?
Usually, an IP camera is attacked with the following method.
1. Hackers identify a device which has open ports of UPnP, Secure Shell, or Telnet.
Subsequently, they perform a trial-and-error method by using the default credentials.
If such a strategy fails, then they try to ascertain whether the system is patched or not.
Those cameras which are still using outdated firmware and software are compromised
and the cybercriminals get the control.
2. When the device is fully under the control of the hackers, they establish a connection
between the device and the C2C server. This connection helps them to download and run
dierent types of malicious files and scripts. As the IP camera receives commands from the
servers, the UDP protocol is exploited to carry out dierent malicious activities from them.
3. Based on the type of IoT malware, a scan is run on the network through which the
malware spreads or propagates to other devices with the same vulnerability. This
process is performed either manually or automatically by the C2C server.
Zero-Day Bug
In the mid-2018, Swann, an American company was forced to resolve their security vulnerability
which existed in their IoT cameras. The company is known for providing CCTV solutions to
their customers. Due to the vulnerability, any remote hacker could use their cameras and see
the video feeds of their users.
An experienced research team belonging to Pen Test Partners along with other secu-
rity analysts embarked on the mission to assess the cameras’ vulnerability. They created a
proof-of-concept which exploited those security openings which existed in the cloud service—
Safe by Swann—of the device. Eventually, they were successful in accessing their IoT cameras
and ran the footage on their smartphones by hacking into each other’s cameras.
One of the researchers revealed that from the consumer point of view, the vulnerability
was quite problematic and concerning. He complimented Swann on their prompt action and
resolution of the device’s vulnerability.
The vulnerability was originally revealed when Louisa Lewis—an employee in BBC—
and user of Swann’s cameras used her smartphone to check on her home’s video feed. After
some time, she realized that the video feed was not from her own home and believed that it
was some sort of error. However, as she began receiving more alerts, she became doubtful and
thus reported the situation to Swann who then took the prompt action to remove the flaw. The
videos which were received by her included a complete family footage involving a man, woman,
and a child along with their voices.
The aected camera displays HD footage and is powered by a battery. It streams video via
both cloud and local networks. When a customer tries to log in to their IoT camera system via
the Safe by Swann service, the server receives a request and creates a response which consists
of the account’s devices.
294 Internet of Things
Internet_of_Things_CH11_pp271-308.indd 294 9/3/2019 10:16:21 AM
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.118.102.225