Lmst

#InternetSecurityCameras

«[2306.00610] Spying on the Spy: Security Analysis of Hidden Cameras» #InternetSecurityCameras #TCPICameras #SecurityAnalysis

https://arxiv.org/abs/2306.00610

Computer Science > Cryptography and Security arXiv:2306.00610 (cs) [Submitted on 1 Jun 20231 Spying on the Spy: Security Analysis of Hidden Cameras Samuel Herodotou, Feng Hao Download PDF Hidden cameras, also called spy cameras, are surveillance tools commonly used to spy on people without their knowledge. Whilst previous studies largely focused on investigating the detection of such a camera and the privacy implications, the security of the camera itself has received limited attention. Compared with ordinary I cameras, spy cameras are normally sold in bulk at cheap prices and are ubiquitously deployed in hidden places within homes and workplaces. A security compromise of these cameras can have severe consequences. In this paper, we analyse a generic IP camera module, which has been packaged and re- branded for sale by several spy camera vendors. The module is controlled by mobile phone apps. By analysing the Android app and the traffic data, we reverse-engineered the security design of the whole system, including the module's Linux OS environment, the file structure, the authentication mechanism, the session management, and the communication with a remote server. Serious vulnerabilities have been identified in every component. Combined together, they allow an adversary to take complete control of a spy camera from anywhere over the Internet, enabling arbitrary code execution. This is possible even if the camera is behind a firewall.

Client Info

Server: https://mastodon.social

Version: 2025.07

Repository: https://github.com/cyevgeniy/lmst