[Paper] Spying on the Spy: Security Analysis of Hidden Cameras

[samueljh1]

After investigating a collection of generic Chinese hidden camera modules, I identified several critical vulnerabilities that enable attackers to gain full control over a target device from anywhere in the world. The problem is that these modules are components in various devices sold online (on stores such as Amazon), and are listed under various brand names. All the attacker needs is your device's serial number, which users sometimes disclose in online reviews. It is also possible that an attacker may obtain your serial through enumeration or other means. Possible attacks (that I have demonstrated) include:

• Bypassing the user's (in-app) password
• Downloading the user's password (in plaintext)
• Live streaming video
• Extracting the user's WiFi password
• Extracting the entire filesystem (including historic video data)
• Opening a reverse-shell
• Attacking other devices in the user's home network

As a consumer, you should be wary when installing any WiFi-connected IoT device into your home network, including these spy cameras. When buying a cheap IoT product, expect them to be full of security vulnerabilities – you pay for what you get. Even reputable brands sometimes design their products with critical flaws. To make things worse, these specific modules include no updating functionality. I even tried to contact the responsible manufacturer(s) and they refused to cooperate. This means that your spy camera will remain vulnerable indefinitely. The only option left is to throw these kinds of devices out.

Many cheap IoT devices commonly use peer-to-peer technology to enable remote access. These systems are flawed by design, and expose your devices to the internet. This is what makes the attacks listed previously possible from anywhere in the world. In addition to the flaws found in the spy cameras, my research identifies an encryption flaw in the peer-to-peer system that exposes all devices connected to the network. This network is used by over 50 million IoT devices – not just spy cameras!

I hope this research will be eye-opening to consumers and will prompt manufacturers to design their products with security as a priority.

You can access the full paper here: [2306.00610] Spying on the Spy: Security Analysis of Hidden Cameras.

 

[hawkeye217]

Great paper!

I bought the camera pictured last year in an attempt to see if I could pull a live stream off of it, and I was shocked when I was able to view things like wifi credentials and camera password all in unencrypted JSON over UDP. The Aliexpress seller advertised it as a 4k camera, but even after receiving it and determining the SoC was only capable of 720p, the seller (and Aliexpress) refused to refund my money.

Consumers need to be aware of these kinds of issues. The low cost and convenience isn't worth the loss of privacy. Though issues like this can be partially mitigated by an end-user (MAC address blocking at the router level, for example), it does take a bit of technical knowledge and isn't always practical.

Best advice: steer clear of cheap devices like this unless you know what you're doing.

 

[mat200]

After investigating a collection of generic Chinese hidden camera modules, I identified several critical vulnerabilities that enable attackers to gain full control over a target device from anywhere in the world. The problem is that these modules are components in various devices sold online (on stores such as Amazon), and are listed under various brand names. All the attacker needs is your device's serial number, which users sometimes disclose in online reviews. It is also possible that an attacker may obtain your serial through enumeration or other means. Possible attacks (that I have demonstrated) include:

• Bypassing the user's (in-app) password
• Downloading the user's password (in plaintext)
• Live streaming video
• Extracting the user's WiFi password
• Extracting the entire filesystem (including historic video data)
• Opening a reverse-shell
• Attacking other devices in the user's home network

As a consumer, you should be wary when installing any WiFi-connected IoT device into your home network, including these spy cameras. When buying a cheap IoT product, expect them to be full of security vulnerabilities – you pay for what you get. Even reputable brands sometimes design their products with critical flaws. To make things worse, these specific modules include no updating functionality. I even tried to contact the responsible manufacturer(s) and they refused to cooperate. This means that your spy camera will remain vulnerable indefinitely. The only option left is to throw these kinds of devices out.

Many cheap IoT devices commonly use peer-to-peer technology to enable remote access. These systems are flawed by design, and expose your devices to the internet. This is what makes the attacks listed previously possible from anywhere in the world. In addition to the flaws found in the spy cameras, my research identifies an encryption flaw in the peer-to-peer system that exposes all devices connected to the network. This network is used by over 50 million IoT devices – not just spy cameras!

I hope this research will be eye-opening to consumers and will prompt manufacturers to design their products with security as a priority.

You can access the full paper here: [2306.00610] Spying on the Spy: Security Analysis of Hidden Cameras.

View attachment 164838

Excellent job @samueljh1 !!

Thanks for sharing this .. looks like you're ready to hit the Defcon and info-sec conference presentations with this ..

 

[samueljh1]

Excellent job @samueljh1 !!

Thanks for sharing this .. looks like you're ready to hit the Defcon and info-sec conference presentations with this ..

Thank you! I will be presenting it in August at NSS 2023: 17th International Conference on Network and System Security (NSS-SocialSec 2023).