Open Access
Subscription Access
IOT Security: Penetration Testing of White-Label Cloud-Based IOT Camera Compromising Personal Data Privacy
The Internet is driving force on how we communicate with one another, from posting messages and images to Facebook or “tweeting” your activities from your vacation. Today it is being used everywhere, now imagine a device that connects to the internet sends out data based on its sensors, this is the Internet-of-Things, a connection of objects with a plethora of sensors. Smart devices as they are commonly called, are invading our homes. With the proliferation of cheap Cloud-based IoT Camera use as a surveillance system to monitor our homes and loved ones right from the palm of our hand using our smartphones. These cameras are mostly white-label product, a process in which the product comes from a single manufacturer and bought by a different company where they are re-branded and sold with their own product name, a method commonly practice in the retail and manufacturing industry. Each Cloud-based IoT cameras sold are not properly tested for security. The problem arises when a hacker, hacks into the Cloud-based IoT Camera sees everything we do, without us knowing about it. Invading our personal digital privacy. This study focuses on the vulnerabilities found on White-label Cloud-based IoT Camera on the market specifically on a Chinese brand sold by Shenzhen Gwelltimes Technology. How this IoT device can be compromised and how to protect our selves from such cyber-attacks.
Keywords
Network Protocols, Wireless Network, Mobile Network, Virus, Worms &Trojon, Internet of Things, Hacker, Smart Camera.
User
Font Size
Information
- “PRIVACY | definition in the Cambridge English Dictionary.” [Online]. Available: https://dictionary.cambridge.org/us/dictionary/english/privacy. [Accessed: 23-Jun-2019].
- “Summary: Philippines Data Privacy Act and implementing regulations.” [Online]. Available: https://iapp.org/news/a/summary-philippines-data-protection-act-and-implementing-regulations/. [Accessed: 23-Jun-2019].
- D. G. Aneela, I. A. Anusha, K. Malavika, and R. Saripalle, “Research Trends of Network Security in IoT,” vol. 4863, no. September, pp. 6–10, 2017.
- S. Ullah, L. Marcenaro, and B. Rinner, “Secure smart cameras by aggregate-signcryption with decryption fairness for multi-receiver IoT applications,” Sensors (Switzerland), vol. 19, no. 2, 2019.
- “The Ultimate Guide to White-Label Products & Solutions - Vendasta.” [Online]. Available: https://www.vendasta.com/blog/the-ultimate-guide-to-white-label#how-white-label-works. [Accessed: 09-Jul-2019].
- “Why A White Label Solution Is Easier Than Building Your Own.” [Online]. Available: https://www.forbes.com/sites/theyec/2014/06/03/why-a-white-label-solution-is-easier-than-building-your-own/#748a2186dd9e. [Accessed: 09-Jul-2019].
- “What is White Labeling? Pros and Cons of White Labeling Software | CallRail.” [Online]. Available: https://www.callrail.com/blog/what-is-white-labeling/. [Accessed: 24-Jun-2019].
- K. Olha, “An investigation of lightweight cryptography and using the key derivation function for a hybrid scheme for security in IoT,” p. 42, 2017.
- Y. Seralathan et al., “IoT security vulnerability: A case study of a Web camera,” Int. Conf. Adv. Commun. Technol. ICACT, vol. 2018-Febru, pp. 172–177, 2018.
- J. Porras, J. Pänkäläinen, A. Knutas, and J. Khakurel, “Security In The Internet Of Things - A Systematic Mapping Study,” Proc. 51st Hawaii Int. Conf. Syst. Sci., pp. 3750–3759, 2018.
- J. Bugeja, D. Jönsson, and A. Jacobsson, “An Investigation of Vulnerabilities in Smart Connected Cameras,” 2018 IEEE Int. Conf. Pervasive Comput. Commun. Work. PerCom Work. 2018, pp. 537–542, 2018.
- R. Williams, E. McMahon, S. Samtani, M. Patton, and H. Chen, “Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach,” 2017 IEEE Int. Conf. Intell. Secur. Informatics Secur. Big Data, ISI 2017, pp. 179–181, 2017.
- M. G. Samaila, M. Neto, D. A. B. Fernandes, M. M. Freire, and P. R. M. Inácio, “Security challenges of the Internet of Things,” Internet of Things, no. 9783319507569, pp. 53–82, 2017.
- J. N. Goel and B. M. Mehtre, “Vulnerability Assessment & Penetration Testing as a Cyber Defence Technology,” Procedia Comput. Sci., vol. 57, pp. 710–715, 2015.
- “Angry IP Scanner - the original IP scanner for Windows, Mac and Linux.” [Online]. Available: https://angryip.org/. [Accessed: 10-Jul-2019].
- “What is Nmap? Why you need this network mapper | Network World.” [Online]. Available: https://www.networkworld.com/article/3296740/what-is-nmap-why-you-need-this-network-mapper.html. [Accessed: 10-Jul-2019].
- “What is Real Time Streaming Protocol (RTSP)? - Definition from Techopedia.” [Online]. Available: https://www.techopedia.com/definition/4753/real-time-streaming-protocol-rtsp. [Accessed: 10-Jul-2019].
Abstract Views: 271
PDF Views: 143