Analyzing the Security and Privacy of Cloud-based Video Surveillance Systems
| Title | Analyzing the Security and Privacy of Cloud-based Video Surveillance Systems |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Obermaier, Johannes, Hutle, Martin |
| Conference Name | Proceedings of the 2Nd ACM International Workshop on IoT Privacy, Trust, and Security |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4283-4 |
| Keywords | cloud, Damage Assessment, embedded security, home automation, Internet of Things, Metrics, pentesting, privacy, pubcrawl, Resiliency, Scalability, security analysis, surveillance systems, user privacy, user privacy in the cloud, video surveillance |
| Abstract | In the area of the Internet of Things, cloud-based camera surveillance systems are ubiquitously available for industrial and private environments. However, the sensitive nature of the surveillance use case imposes high requirements on privacy/confidentiality, authenticity, and availability of such systems. In this work, we investigate how currently available mass-market camera systems comply with these requirements. Considering two attacker models, we test the cameras for weaknesses and analyze for their implications. We reverse-engineered the security implementation and discovered several vulnerabilities in every tested system. These weaknesses impair the users' privacy and, as a consequence, may also damage the camera system manufacturer's reputation. We demonstrate how an attacker can exploit these vulnerabilities to blackmail users and companies by denial-of-service attacks, injecting forged video streams, and by eavesdropping private video data - even without physical access to the device. Our analysis shows that current systems lack in practice the necessary care when implementing security for IoT devices. |
| URL | http://doi.acm.org/10.1145/2899007.2899008 |
| DOI | 10.1145/2899007.2899008 |
| Citation Key | obermaier_analyzing_2016 |