skip to main content
research-article

Under the Concealing Surface: Detecting and Understanding Live Webcams in the Wild

Authors Info & Claims
Published:27 May 2020Publication History
Skip Abstract Section

Abstract

Given the central role of webcams in monitoring physical surroundings, it behooves the research community to understand the characteristics of webcams' distribution and their privacy/security implications. In this paper, we conduct the first systematic study on live webcams from both aggregation sites and individual webcams (webpages/IP hosts). We propose a series of efficient, automated techniques for detecting and fingerprinting live webcams. In particular, we leverage distributed algorithms to detect aggregation sites and generate webcam fingerprints by utilizing the Graphical User Interface (GUI) of the built-in web server of a device. Overall, we observe 0.85 million webpages from aggregation sites hosting live webcams and 2.2 million live webcams in the public IPv4 space. Our study reveals that aggregation sites have a typical long-tail distribution in hosting live streams (5.8% of sites contain 90.44% of live streaming contents), and 85.4% of aggregation websites scrape webcams from others. Further, we observe that (1) 277,239 webcams from aggregation sites and IP hosts (11.7%) directly expose live streams to the public, (2) aggregation sites expose 187,897 geolocation names and more detailed 23,083 longitude/latitude pairs of webcams, (3) the default usernames and passwords of 38,942 webcams are visible on aggregation sites in plaintext, and (4) 1,237 webcams are detected as having been compromised to conduct malicious behaviors.

References

  1. Mathias M Adankon and Mohamed Cheriet. 2009. Support vector machine. Encyclopedia of biometrics . Springer, 1303--1308.Google ScholarGoogle Scholar
  2. Mark Alllman and Vern Paxson. 2007. Issues and Etiquette Concerning Use of Shared Measurement Data. In Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement (IMC '07). ACM, New York, NY, USA, 135--140. https://doi.org/10.1145/1298306.1298327Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Amazon. 2015. EMR, A Scale Big Data Framework for Apache Spark and Hadoop . https://aws.amazon.com/emr/. (2015).Google ScholarGoogle Scholar
  4. ANGR. 2016. A platform-agnostic binary analysis framework. . (2016). https://github.com/angr/angrGoogle ScholarGoogle Scholar
  5. Manos Antonakakis, Tim April, Michael Bailey, Matthew Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In Proceedings of the 26th USENIX Conference on Security Symposium .Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Binwalk. 2012. The tool for analyzing, reverse engineering, and extracting firmware images. (2012). https://github.com/ReFirmLabs/binwalkGoogle ScholarGoogle Scholar
  7. Christopher M Bishop. 2007. Pattern recognition and machine learning (information science and statistics) .Springer.Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. CalOPPA. 2004. California Online Privacy Protection Act . (2004).Google ScholarGoogle Scholar
  9. Censys. 2015. a search engine based on Internet-wide scanning for the devices and networks. https://censys.io/. (2015).Google ScholarGoogle Scholar
  10. Daming D Chen, Manuel Egele, Maverick Woo, and David Brumley. 2016. Towards Automated Dynamic Analysis for Linux-based Embedded Firmware. In Network and Distributed System Security Symposium (NDSS) .Google ScholarGoogle Scholar
  11. K. Cheng, Q. Li , L. Wang, Q. Chen, Y. Zheng, L. Sun, and Z. Liang. 2018. DTaint: Detecting the Taint-Style Vulnerability in Embedded Device Firmware. In 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 430--441. https://doi.org/10.1109/DSN.2018.00052Google ScholarGoogle Scholar
  12. Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti. 2014. A Large-Scale Analysis of the Security of Embedded Firmwares. In 23rd USENIX Security Symposium . San Diego, CA, 95--110.Google ScholarGoogle Scholar
  13. Common Crawl. 2013. An Open Repository of Web CrawlData . (2013).Google ScholarGoogle Scholar
  14. Jeffrey Dean and Sanjay Ghemawat. 2008. MapReduce: simplified data processing on large clusters . Communications of the ACM, 2008 , Vol. 51, 1 (2008), 107--113.Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. David Dittrich, Erin Kenneally, et almbox. 2012. The Menlo Report: Ethical principles guiding information and communication technology research . Technical Report. US Department of Homeland Security.Google ScholarGoogle Scholar
  16. Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J Alex Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 542--553.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Zakir Durumeric, James Kasten, David Adrian, J. Alex Halderman, Michael Bailey, Frank Li, Nicholas Weaver, Johanna Amann, Jethro Beekman, Mathias Payer, and Vern Paxson. 2014. The Matter of Heartbleed. In Proceedings of the Internet Measurement Conference (IMC) Vancouver, BC, Canada, November 5--7, 2014. 475--488.Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2013. ZMap: Fast Internet-wide Scanning and Its Security Applications. In USENIX Security Symposium, vol. 8, pp. 47--53. 2013. 605--620.Google ScholarGoogle Scholar
  19. Claude Fachkha, Elias Bou-Harb, Anastasis Keliris, Nasir Memon, and Mustaque Ahamad. 2017. Internet-scale probing of CPS: Inference, characterization and orchestration analysis. In Proceedings of Network and Distributed System Security Symposium, NDSS, 2017, Vol. 17.Google ScholarGoogle ScholarCross RefCross Ref
  20. Xuan Feng, Qiang Li, Haining Wang, and Limin Sun. 2018. Acquisitional Rule-based Engine for Discovering Internet-of-Things Devices. In 27th USENIX Security Symposium (USENIX Security 18). Baltimore, MD, 327--341.Google ScholarGoogle Scholar
  21. FFmpeg. 2000. a complete, cross-platform solution to record, convert and stream audio and video . https://www.ffmpeg.org/. (2000).Google ScholarGoogle Scholar
  22. Jerome H Friedman. 2001. Greedy function approximation: a gradient boosting machine. Annals of statistics (2001), 1189--1232.Google ScholarGoogle Scholar
  23. Manaf Gharaibeh, Anant Shah, Bradley Huffaker, Han Zhang, Roya Ensafi, and Christos Papadopoulos. 2017. A Look at Router Geolocation in Public and Commercial Databases. In Proceedings of the 2017 Internet Measurement Conference (IMC '17). ACM, New York, NY, USA, 463--469. https://doi.org/10.1145/3131365.3131380Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Honeypot. 2015. The Honeynet Project. (2015). https://www.honeynet.org/Google ScholarGoogle Scholar
  25. Damilola Ibosiola, Benjamin Steer, Alvaro Garcia-Recuero, Gianluca Stringhini, Steve Uhlig, and Gareth Tyson. 2018. Movie pirates of the caribbean: Exploring illegal streaming cyberlockers. In Twelfth International AAAI Conference on Web and Social Media .Google ScholarGoogle ScholarCross RefCross Ref
  26. ICO. 2015. Joint letter to the operators of Insecam . https://ico.org.uk/media/about-the-ico/documents/1043287/ico-letter-to-webcam-manufacturers.pdf . (2015).Google ScholarGoogle Scholar
  27. Insecam. 2014. Network live IP video cameras directory . http://www.insecam.org/en/. (2014).Google ScholarGoogle Scholar
  28. Nathan Jacobs, Walker Burgin, Nick Fridrich, Austin Abrams, Kylia Miskell, Bobby H. Braswell, Andrew D. Richardson, and Robert Pless. 2009. The Global Network of Outdoor Webcams: Properties and Applications. In Proceedings of the 17th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems (GIS '09). ACM, New York, NY, USA, 111--120. https://doi.org/10.1145/1653771.1653789Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. JPEG. 1992. Joint Photographic Experts Group for lossy compression for digital images . https://jpeg.org/about.html . (1992).Google ScholarGoogle Scholar
  30. Oliver Kramer. 2013. K-nearest neighbors. Dimensionality Reduction with Unsupervised Nearest Neighbors. Springer, 13--23.Google ScholarGoogle Scholar
  31. K Ming Leung. 2007. Naive bayesian classifier. Polytechnic University Department of Computer Science/Finance and Risk Engineering (2007).Google ScholarGoogle Scholar
  32. Li-Jia Li and Li Fei-Fei. 2007. What, where and who? classifying events by scene and object recognition. In 2007 IEEE 11th International Conference on Computer Vision (ICCV). IEEE, 1--8.Google ScholarGoogle ScholarCross RefCross Ref
  33. Qiang Li, Xuan Feng, Haining Wang, Zhi Li, and Limin Sun. 2018. Towards fine-grained fingerprinting of firmware in online embedded devices. In IEEE International Conference on Computer Communications (INFOCOM 2018) .Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Q. Li, X. Feng , H. Wang, and L. Sun. 2018. Understanding the Usage of Industrial Control System Devices on the Internet. IEEE Internet of Things Journal , Vol. 5, 3 (June 2018), 2178--2189. https://doi.org/10.1109/JIOT.2018.2826558Google ScholarGoogle ScholarCross RefCross Ref
  35. Masscan. 2013. Network Scanner tool for scanning Internet port . https://github.com/robertdavidgraham/masscan . (2013).Google ScholarGoogle Scholar
  36. MaxMind. 2002. MaxMind GeoIP2 database provides location data for IP addresses . https://www.maxmind.com/en/geoip2-services-and-databases . (2002).Google ScholarGoogle Scholar
  37. Austin Murdock, Frank Li, Paul Bramsen, Zakir Durumeric, and Vern Paxson. 2017. Target generation for Internet-wide IPv6 scanning. Proceedings of the 2017 Internet Measurement Conference. ACM, 242--253.Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. NLTK. 2001. a suite of libraries and programs for symbolic and statistical natural language processing. http://www.nltk.org/. (2001).Google ScholarGoogle Scholar
  39. Nmap. 1997. Network Security Scanner tool . https://nmap.org/. (1997).Google ScholarGoogle Scholar
  40. RFC 5905 NTP. 1985. The Network Time Protocol Protocol for synchronize the clocks of computers over a network. http://www.ntp.org/. (1985).Google ScholarGoogle Scholar
  41. Webcam Number. 2014. Information Handling Services Markit, 245 million video surveillance cameras installed globally. https://technology.ihs.com/532501/cameras-installed-globally-in-2014 . (2014).Google ScholarGoogle Scholar
  42. ONVIF. [n. d.]. Open Network Video Interface Forum website . ([n. d.]). http://www.onvif.orgGoogle ScholarGoogle Scholar
  43. M Zubair Rafique, Tom Van Goethem, Wouter Joosen, Christophe Huygens, and Nick Nikiforakis. 2016. It's free for a reason: Exploring the ecosystem of free live streaming services. In Proceedings of the 23rd Network and Distributed System Security Symposium (NDSS 2016) . Internet Society, 1--15.Google ScholarGoogle ScholarCross RefCross Ref
  44. BBC report. 2017. BBC report, In Your Face: China's all-seeing state . https://www.bbc.com/news/av/world-asia-china-42248056/in-your-face-china-s-all-seeing-state . (2017).Google ScholarGoogle Scholar
  45. Mirai Report. 2016. the cyber attack disrupts internet service across Europe and US via Mirai . https://www.theguardian.com/technology/2016/oct/21/ddos-attack-dyn-internet-denial-service . (2016).Google ScholarGoogle Scholar
  46. Scrapy. 2008. A Fast and Powerful Scraping and Web Crawling Framework . https://scrapy.org . (2008).Google ScholarGoogle Scholar
  47. Zain Shamsi, Daren B. H. Cline, and Dmitri Loguinov. 2017. Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, CCS, Dallas, TX, USA, October 30 - November 03, 2017 . 971--982.Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Zain Shamsi, Ankur Nandwani, Derek Leonard, and Dmitri Loguinov. 2014. Hershel: Single-packet Os Fingerprinting. In The 2014 ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS '14). 195--206.Google ScholarGoogle Scholar
  49. Shodan. 2009. The search engine for Internet-connected devices . https://www.shodan.io/. (2009).Google ScholarGoogle Scholar
  50. Beautiful Soup. 2012. package for parsing HTML and XML documents . https://www.crummy.com/software/BeautifulSoup/. (2012).Google ScholarGoogle Scholar
  51. VLC. 2001. media player originated by the VideoLan software . https://www.videolan.org/. (2001).Google ScholarGoogle Scholar
  52. WARC. 2015. Web ARChive file format combines multiple digital resources into an aggregate archive file together with related information. https://www.loc.gov/preservation/digital/formats/fdd/fdd000236.shtml. (2015).Google ScholarGoogle Scholar
  53. Webcam. 2012. Flaw in Home Security Cameras Exposes Live Feeds to Hackers. (2012). https://www.wired.com/2012/02/home-cameras-exposed/Google ScholarGoogle Scholar
  54. ICANN WHOIS. 1995. Whois Database for Registration Data. https://www.whois.net/. (1995).Google ScholarGoogle Scholar

Index Terms

  1. Under the Concealing Surface: Detecting and Understanding Live Webcams in the Wild

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!