• No results found

On the investigation of vulnerabilities in smart connected cameras

N/A
N/A
Protected

Academic year: 2021

Share "On the investigation of vulnerabilities in smart connected cameras"

Copied!
38
0
0

Loading.... (view fulltext now)

Full text

(1)

Teknik och samhälle Datavetenskap

Bachelor’s thesis 15 credits, ground level

On the investigation of vulnerabilities in smart connected

cameras

Undersökning av sårbarheter i smarta anslutna kameror

Désirée Jönsson

Exam: Bachelor of Science in Engineering Area: Computer Engineering

Supervisor: Joseph Bugeja Examiner: Andreas Jacobsson

(2)

Abstract

Humans have always developed products to simplify their everyday lives in the home en-vironment. A fast growing area is the Internet of Things where smart connect devices belong. The intention with smart cameras is surveillance where one can monitor their smart camera wireless from e.g a smartphone. Challenges with the intelligent connected cameras includes, how to get knowledge about espionage, attacks and damages. Many of these smart cameras have a reduced-size, low-power hardware with smaller resources avail-able, and therefore unable to implement optimal security mechanisms. Although these connected cameras can enrich the safety and create security with their surveillance, the smart camera also allows new ways for attackers to intrude due to the devices are con-nected to the Internet.

The purpose of this thesis is to investigate what kind of open data is available on the Internet from, connected cameras. This is done by creating a program to extract publicly available smart camera information that is visible to anyone who has access to the Internet, and thus access to Shodan’s search engine. The open data shows vulnerabilities that can potentially be exploited to intrude on devices. The vulnerabilities found in the connected cameras due to availability of Shodan, were insecure configuration management and insuf-ficient authentication. By highlighting significant vulnerabilities in smart cameras found today, the thesis can contribute to how one with publicly available information can gain knowledge about vulnerabilities in smart devices. Given that vulnerabilities exist and the smart camera is connected to the Internet, it may be more than the owner of the smart camera that monitors the residence.

(3)

Sammanfattning

Människan har alltid utvecklat produkter för att förenkla sin vardag i hemmet. Ett område som växer snabbt är sakernas Internet där smarta ansluta enheter tillhör. Intentionen med smarta kameror är övervakning där man har möjlighet att bevaka sin intelligenta kam-era trådlöst från exempelvis en smartmobil. Utmaningar med de intelligenta anslutna kamerorna är att hur kan man få kunskap om spionage, attacker och skador. Många av dessa smarta kameror har mindre resurser tillgängliga, och har då inte möjlighet att imple-mentera optimala säkerhetsmekanismer. Även om dessa smarta enheter kan berika tillvaron och skapa trygghet med sin övervakning, så möjliggör också den smarta kameran nya sätt för angripare att göra intrång, då enheten är uppkopplade mot Internet.

Syftet med den här uppsatsen är att undersöka vilken öppen data som finns tillgänglig på Internet om uppkopplade kameror. Detta genom att skapa ett program för att ex-trahera publik tillgänglig information om smarta kameror som är synliga för alla som har tillgång till Internet, och då också tillgång till Shodans sökmotor. Den öppna datan påvisar sårbarheter som kan utnyttjas för att göra intrång. Sårbarheterna som fanns hos de uppkopplade kamerorna på grund av tillgängligheten på Shodan var osäker konfigu-rationshantering och otillräcklig autentisering. Genom att belysa befintliga sårbarheter i smarta kameror som finns idag, kunna bidra till hur man med publik tillgänglig information kan få kunskap om sårbarheter hos smarta produkter. Med bakgrund till att sårbarheter finns och den smarta kameran är uppkopplad mot Internet, kan det vara så att det är fler än ägaren till den smarta kameran som övervakar hemmet.

(4)

Acknowledgments

I would like to express gratitude to Joseph Bugeja for the feedback, inputs and always inspiring discussions during my work of this thesis.

(5)
(6)

Glossary

Connected camera: Is a device that can send and receive images/videos via a computer network and the Internet for different purposes. Also named Smart camera, IP camera, Network camera etc.

Common Vulnerabilities and Exposures (CVE): Provides a reference-method for publicly known information-security, vulnerabilities and exposures.

Insecure configuration management (ICM): Configuration management (CM) is a process for establishing and maintaining consistency of a product’s performance and secu-rity. Lack of CM can lead to insecure configuration management (ICM).

Internet of Things (IoT): The Internet of Things is a term used for the development of a network consisting of devices which are embedded with electronics, software, sensors and network connectivity that enables these objects to collect and exchange data. The devices are connected to one another or to the Internet via protocols, and are in general referred to as smart (connected) devices.

Open data: refers to digital information that is freely available without restrictions. Open Web Application Security Project (OWASP): is an organization with the ambition to support technologies in the field of web application security.

Passive reconnaissance: Information gathering without actively engaging with a system to cause harm.

Shodan: is a search engine for connected devices on the Internet.

Supervisory Control and Data Acquisition (SCADA): Software application pro-gram for process control.

Vulnerability: A weakness or defect in a system which enables an attacker to bypass security measures, and might be exploited to cause loss or harm.

Web crawlers: are software programs that uses another search engine’s data to pro-duce their own results from the Internet.

(7)

Table of Contents

1 Introduction 1

1.1 Problem Domain . . . 1

1.2 Problem Discussion . . . 2

1.3 Research Questions . . . 2

1.4 Scope and Limitations . . . 2

1.5 Thesis Organization . . . 3

2 Background 4 2.1 Smart Cameras . . . 4

2.2 Smart Homes . . . 4

2.3 Shodan . . . 5

2.3.1 What is Shodan and how to use it . . . 5

2.3.2 Open data on Shodan . . . 6

2.4 Vulnerability . . . 7

2.4.1 Common Vulnerabilities and Exposures (CVE) . . . 7

2.4.2 Open Web Application Security Project (OWASP) . . . 7

2.5 Reconnaissance . . . 8

3 Related Work 9 3.1 Uninvited Connections . . . 9

3.2 Internet of Things (IOT): Taxonomy of Security Attacks . . . 10

3.3 Exploiting known vulnerabilities of a smart thermostat . . . 10

3.4 Embedded systems security: Threats, vulnerabilities, and attack taxonomy . 11 4 Research Methodology 12 4.1 Methodology of choice . . . 13

4.2 Literature Study . . . 13

4.3 Experimental setup . . . 13

4.3.1 Create the program . . . 14

4.3.2 Verification of the program . . . 14

4.4 Procedure . . . 16

4.4.1 Extract the open data and filtration . . . 16

4.4.2 Data analysis . . . 16

5 Result and Analysis 17 5.1 The program . . . 17

5.1.1 Collected open data on smart cameras . . . 17

5.2 The vulnerabilities . . . 19

5.2.1 Specific vulnerabilities linked to CVE-2011-5261 . . . 19

5.2.2 Collected open data matching CVE-2011-5261 . . . 19

5.2.3 Insecure Configuration Management . . . 21

5.2.4 Insufficient authentication . . . 21

5.2.5 Vulnerability example tied to a specific smart camera . . . 23

(8)

6 Discussion 25

6.1 Related work . . . 25

6.2 Limitations discussion . . . 25

6.3 Methodology Discussion . . . 25

6.4 Ethics . . . 25

7 Conclusion and Future work 26 7.1 Answering the research questions . . . 26

7.2 Future Work . . . 26

A Search criteria 29

(9)

1

Introduction

Nowadays more individuals are relying on Internet technologies to meet their daily life activities. Most of the appliances such as washing machines, refrigerators are Internet-enabled, and also TVs are connected to the Internet [1]. The devices that are connected to one another or to the Internet via wireless protocols are in general referred to as smart (connected) devices. A part of a camera being smart is that they are autonomous and might act without users awareness or in some cases need of control. The connected devices are a part of Internet of Things (IoT). The IoT is about everyday devices that are using network connectivity that enable devices to collect and use data [1]. The IoT term was coined by Kevin Ashton 1998 [2]. Even earlier, the concept Ubiquitous computing was described by Mark Weiser and the concept describes the idea of integrating computing to appear anytime and everywhere [2].

A smart home is a residence that uses IoT technology and comprises a network of smart devices that meets different householders needs. The most prominent areas are: security, entertainment, energy and healthcare [5]. The global smart home market is growing at a fast pace. In 2015 the market was valued at $9.8 billion and is estimated to reach $43 billion in 2020 [5]. An example of a difference between a smart home in comparison to a traditional home are physical buttons. Physical buttons requires physical access in tradi-tional home. A person needs to physically turn the light on and off. In a smart home the physical access is not required. The buttons can be connected or disconnected with the help from wireless connectivity for e.g lighting control [1].

The number of connected devices introduced in the market has increased with connected devices, approaching about 15 billion today [3]. To take it in perspective, that is roughly two devices per human being. J. Wurm et al. [3] further discloses that the trend is going to continue and estimate about 26 billion network connected devices by the year 2020. This rapid increment of the smart home field leads to a race to put the next smart device on the market first. The consequence is that questions like security and vulnerability issues are not getting the focus and thought that are required [2] [3].

One uses the connected camera in the arguably most private environment there is, our home where there is personal data such as family photo albums, sensitive conversations, etc. By using these smart devices one also open up new ways for attackers to strike by taking advantage of vulnerabilities due to that the devices are connected to the Internet [22]. Vulnerabilities can lead to privacy intrusion for the owner of the connected camera if an attacker uses the vulnerabilities to bypass security [7].

1.1 Problem Domain

Considering the high volume of data that is now being put online, connected devices are susceptible to various security attacks. The fast development have raised security and pri-vacy concerns [2]. The concerns have real ground. In 2014 over 73,000 video cameras were found to be streaming their surveillance footage on the web [5]. A better understanding of

(10)

the security matters is crucial as adversary attacks are a major hindrance to the develop-ment of connected devices [1] [2] [3]. Even though it is established that better security is necessary, the complexity occurs due to a majority of smart home devices are designed to have a reduced-size, low-power hardware and current security mechanisms are not feasible in small sensor devices [1]. Other aspects is short time to market (TTM), reduction of cost and device’s design e.g. limited memory and CPU capacity. It contributes to that smart devices remain open for attacks and becomes an attractive target for attackers [3].

The smart connected home and IoT era enables new threats and new ways for the at-tackers to strike. The atat-tackers, also known as malicious actors may include hackers, thieves or organized crime. A way for the attackers to achieve their goals is with the help of public tools that use open source data [2]. Shodan is one such tool. Shodan is a search engine that is designed to identify and show devices that are connected to the Internet [4]. Even though e.g Bodenheim et al. [4] state that Shodan is, and can provide attackers with a powerful tool, the Shodan search engine should also be possible to use as a helping tool. With a helping tool it means that the open data available can give company quasi-real time information if their product is up and running on the web unprotected and investigate how it can be possible.

1.2 Problem Discussion

One possible way to gain knowledge about the vulnerabilities regarding smart home devices is through passive reconnaissance [20]. Passive reconnaissance are for example pinging a server or checking for open ports. Also gain knowledge by gathering quantitative data from the Shodan search engine about devices that are exposed today [6]. The information can possibly be of value when developing a new smart device, or when evaluating why something has happened to a specific device [2]. Also to confirm if a specific smart device have potential vulnerabilities and to which extent. By looking at similar smart devices and their vulnerabilities that are exposed on Shodan today, draw parallels to what one need to put extra security effort on.

1.3 Research Questions

The research aim of this thesis is to create a program to extract data through Shodan, see what kind of open data that is available about smart cameras on the web, and ascertain if the extracted data potentially exposes vulnerabilities. The research questions are stated below:

RQ1: What kind of open data is available about smart connected cameras?

RQ2: How can the data found from RQ1 be used to potentially exploit vulnerability? 1.4 Scope and Limitations

The thesis will be limited to only the smart connected cameras. Thus, answering if the data can be used to potentially exploit vulnerabilities, only connected cameras will be in-vestigated. The time frame that the data is extracted from Shodan is also set and limited to a given period of 18/06/2017 to 31/07/2017. There are several public tools that use open source data that can potentially be used for malice activities, however only Shodan will be discussed. Shodan will be discussed therefore the focus on this thesis is on intelli-gent devices and earlier research [6] and [4] have shown that Shodan can be of good use

(11)

if one investigate about intelligent devices. Also Shodan is the worlds first search engine that finds connected devices all around the world. The creation of the program is only to be considered as a proof-of-concept and for the use to extract the data needed to research the answers for this thesis.

As a disclaimer, there will be no attempt to intrude, download files and settings, or engage in any other activity beyond the verification of access and vulnerabilities.

1.5 Thesis Organization

The following part of the thesis is organized as follows. In chapter 2, the theoretical back-ground is described to give a deeper understanding about the theoretical - and technical areas around the thesis. Then in chapter 3, an overview of work which are related to this thesis are presented. In chapter 4, the methodology to reach the results are described and also the research workflow. The results and analysis are presented after in chapter 5. Consequently in chapter 6 the result are discussed. In the end, suggestions of future work is presented in chapter 7.

(12)

2

Background

This section covers the theoretical background related to this thesis. It aims to provide additional information for the reader. The aim is to briefly give insight to specific areas relevant to this thesis. Background related to smart devices and Shodan is relevant since it is important to understand the limitations within the areas. Vulnerabilities in the context of smart devices are described.

2.1 Smart Cameras

Video surveillance is one of oldest technologies of security, the most widespread and one of the most effective to prevent crimes according to K. Loukil et al. [12]. By using a intel-ligent camera for surveillance instead of an ordinary camera, benefits for the camera to be connected is that one can have access to monitor the home in real time. This means that the owner of the smart camera can monitor their home and for e.g their pets while they are at work, ensure that the home is intact from external damage due to weather conditions or any other reason one may have to check the home. [12]

A smart camera is connected to the Internet and is typically used for security reasons and monitoring purposes as surveillance, or in baby monitors [12]. The video surveillance had a digital revolution with the arrival of IP cameras [12]. A smart camera needs a wireless network, or a hard wired connection to a router to function. The main difference between a camera and a smart camera is that the smart camera can send and receive data via a computer network and the Internet for different purposes. Also a different can be that the smart camera has some level of autonomous, this can e.g be protection by alerting of intrusions. The smart camera can for e.g be connected to another smart device as an alarm. By being integrated with the home alarm, take picture autonomous while move-ment is detected. The purpose can be for monitor weather condition or for surveillance reasons. Another difference is that the smart cameras data can be shared among multiple users at different physical locations at the same time [12].

2.2 Smart Homes

The IoT is driven by a combination of connectivity, sensors and actuators combined with people and processes. According to C. Lee et al. [1] a smart home comprises of many different connected devices belonging to different application areas. Together these devices interact and cooperate among each others. These devices form a distributed heterogeneous network. A heterogeneous network means a network that connects computers and smart devices with different operating systems and/or protocols. A smart home can be referred also as a connected home [1].

The smart home is composed of hardware, software, services, humans and communica-tion (protocols). In terms of hardware it tends to consist of sensors and actuators devices. A sensor is an electronic component that collects a signal or data, e.g temperature sensor. An actuator is a component of a machine that is responsible for controlling a mechanism or a system. In the smart home there are wireless sensors throughout the smart home, for e.g help measuring temperature, smoke alarm, movement, leaks, sounds, flow etc. These sensors belongs to different applications. The input from the sensors are digitized and placed onto networks providing connectivity with the Internet. The humans are using the smart devices to benefit in their life for as mention earlier e.g surveillance purposes. [1]

(13)

Figure 1 is a simplified example of a scenario for a smart home, where one of the smart devices in the home is an IP Camera. IP Camera is seen as a synonym to a smart camera in this thesis. This IP Camera is a part of the security system of the smart home. Alarms are properly and timely reported to the intended receiver of the resident of the home. This could be happening due to technologies connected to gateways/routers which provide connectivity to outside network as Internet and the householder can get access to their IP camera.

Figure 1: An example of a smart home

The person in figure 1 represents the householder of the smart home. The IP camera and the other smart devices are connected to the local network and controlled by the home gateway. The gateway provides connectivity with the Internet. So through the Internet the resident can control the IP Camera in the smart home by e.g a smartphone. This opens up for an attacker to also monitor the residence.

2.3 Shodan

In these sections a brief introduction to Shodan is presented. 2.3.1 What is Shodan and how to use it

Shodan was launched by John Matherly 2009, and is a search engine for finding specific devices e.g, webcams, routers, servers, smart devices, that exist online. Shodan can be used to discover devices that are connected to the Internet and where they are located, and who is using the device. The IP addresses for the devices are stored along with ports and service banner data in a database [4]. The data can be searched:

• Online on the web interface at Shodan.io

• Create a Shodan Account to use the Shodan API

While using Shodan’s database a series of filters can be used. These filters are for example specific port numbers, country or city, specific IP address or just keywords like "refrigera-tor" (183 hits) or a specific brand name etc. [10].

(14)

The purpose of Shodan can be to find computers running a certain piece of software, e.g Apache, or if one wants to know which version of Microsoft that is the most popular [11]. Shodan’s search engine can also be used to gain knowledge and information about vulnerabilities about IoT and smart devices. It is a tool that can help to discover security flaws [11]. Shodan’s search engine provides a way to see if a new vulnerability has come out, and see how many hosts that could be infected. Traditional web search engines do not give the answer of this information according to J. Matherly [11].

2.3.2 Open data on Shodan

The basic open data that Shodan gathers is banners. A banner is textual information that describes a service(program) on a device. For web servers this could for example be the headers that are returned, or for a Telnet (Port 23) it would be the login screen [11]. The content of the banner varies depending of the type of services. The information also depends on the search criteria in the filter one program for extracting the open data. The open data can also show information about firmware, serial number, ports and so on. In figure 2 and 3 the banner is textual information. In figure 2 the IP adress is shown and also the ETag. An ETag is an identifier assigned to a specific version of a resource found at a URL. Figure 3 shows that the device is running the Apache web server software with a version of 2.2.22. In both example the HTTP says 200 OK, this means that at least initially the banner results will load without any authentication.

Figure 2: Example one of a banner

(15)

In addition to the banner, Shodan also grabs data about the device. The meta-data is geographic location, hostname, operating system. Most of the meta-meta-data can be searched via the main Shodan website, however a few fields are only available to users of the developer API [11].

The Shodan crawlers, that are software programs that uses another search engine’s data to produce their own results from the Internet. Shodan crawlers work around the clock and update the database in real-time. This means that at any moment a person search on the Shodan website, one are getting the latest picture of the Internet. This is an important aspect because the information that one can find on a specific date can be different a month later or even a week[11].

2.4 Vulnerability

O.H Alhazmi et al. [13] writes that vulnerability has been defined as "a defect which enables an attacker to bypass security measures". Another definition is "a weakness in the security system that might be exploited to cause loss or harm" [13]. An attacker who bypass security measures can cause harm. An attacker can use vulnerabilities to gain access to a system [13]. The type of vulnerability can vary between different connected cameras, and be everything from weak passwords, poorly protected credentials or insecure configuration management. There are vulnerabilities without any risk. This means that if there are vulnerabilities attached to a specific smart device, and e.g an attacker can take advantage of the vulnerability to intrude. But in the case there are no potential or significant loss or harm for the owner of the device when the attacker have succeeded bypassing security measures. Vulnerabilities can lead to privacy intrusion for the owner of the connected camera if an attacker uses the vulnerabilities to bypass [7].

2.4.1 Common Vulnerabilities and Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) is a list of common identifiers for publicly known cyber security vulnerabilities. CVE provides information about a unique software vulnerability. [16]. Every unique CVE has a CVE ID and a brief description of the secu-rity vulnerability or exposure. Also every CVE identifier includes references for extended information. One can search on specific keywords or directly on specific CVE ID to gain information about the vulnerability and exposure. CVE can also be used to see if open data on a specific smart camera already have known specific vulnerabilities [22]. For ex-ample the keywords smart camera gave 526 known common exposures [14] and connected camera gave 277 hits [15].

2.4.2 Open Web Application Security Project (OWASP)

Open Web Application Security Project (OWASP) is an organization with the ambition to support technologies in the field of web application security. OWASP drive visibility and evolution in security and safety of the software in the world [19]. This by identifying some of the critical vulnerabilities. OWASP can be used for guiding and for information gathering about known vulnerabilities [17]. It can also be used to gain knowledge if one would like to know if something is in the danger zone of being exposed to vulnerability flaws [22].

(16)

2.5 Reconnaissance

Reconnaissance is about information gathering. There are both passive and active recon-naissance [20]. The difference between them is that passive reconrecon-naissance is about gaining information without actively engaging with the systems. In contrast to active, where one engages with the target system. Passive reconnaissance is also information gathering using only publicly available resources, as done in this thesis with the use of Shodan [20].

(17)

3

Related Work

In this section a list of papers which are related to this thesis is reviewed. Work in this sections are relevant to this thesis by providing background to the research domain, or conducting a similar research.

3.1 Uninvited Connections

In 2014 M. Patton et al. [6] published a paper with the explorations to study if Shodan could be used for large scale vulnerability, and study if real system exposure could be ver-ified or quantver-ified. The methods chosen was the use of Shodan to test default passwords against SCADA devices. Parse device headers into MySQL database and afterward ana-lyze the results to identify vulnerable systems. The focus was on several devices, including SCADA devices, printers and Health Network.

The initial result included 35,737 different SCADA devices, but only a subset of a still larger set of millions of SCADA devices of Shodan. A part of the result was to target HP printers running the JetDirect print server. M. Patton et al. found 47159 printers of which 19583 were accessible via telnet without requiring authentication. That is 41,5% of the printers remain exposed. Regarding web cameras the paper state that web cameras were not completely scanned, the space is to large that work is still underway but they found a camera located in a Dermatology office in TX and is one of several printers in the office. According to the paper, web cameras typically can not be used to directly cause harm to organizations or individuals, unless they capture material that has meaning and can be misused. Regarding the HP printers, unsecured printers have verified that firmware updates can give access to attack the network the printer is attached to. The authors also state that many devices are not visible through Shodan, and one reason is that that the devices are behind network address translation (NAT) etc. The papers conclusion is that the vulnerability rates appeared in a wide range from low 0,44% to 41,5% high on the authors primary chosen devices.

This paper is relevant for this thesis because the authors approach about using Shodan’s API with Python programming to extracting selected data is inspired from their research. However there are differences. The program that have been created for extract selected data for this research, have a verification step (see section 4.3.2), and a database will not be used. Of course the key target open data being extracted are not the same and instead adapted to this specific research.

(18)

3.2 Internet of Things (IOT): Taxonomy of Security Attacks

M. Nawir et al. [2] published a paper in 2016 on the studies of network security matters in smart home, health care and transportation domains. The author present a taxonomy of security attacks within IoT networks. The aim of the paper was to assist IoT developers for better awareness of the risk of security flaws in the field.

For the authors to research their aim of assisting IoT developers, the authors used com-parative analysis of different attacks. The different attacks that are raised in the paper are e.g Denial of Service (DoS), Attacks based on Adversary Location and Host-based attacks. In total 10 different attacks types, with sub parts. Some of the different attack types are described more detailed than the rest. Even though the paper brings up the different domains, the attacks can occur in more than just one specific domain. However the effects of the attack can be different both in scale and devastation regarding on the domain. The conclusion and result is a taxonomy of security attacks on IoT with eight categories that is visualized by a figure.

In this paper by M. Nawir et al. the part with the most value is the possibility to get a glance of the different attacks that may occur in a smart home that has smart cameras. Unfortunately the paper gives a more general insight level on the topic, but overall the paper contribute to a better overview and is therefore of value for this thesis research.

3.3 Exploiting known vulnerabilities of a smart thermostat

M. Moody and A. Hunter [22] address vulnerabilities in the field of smart devices and focuses on a smart thermostat. The authors investigate how attackers can rely on pub-licly available sources posted on the Internet to take advantage of weakly protected devices. Their methodology is that the authors have an experimental approach and they focus on that the intruder explicitly use information on the Internet and refer to this as a script kiddy [22]. They analyze the vulnerabilities of the chosen smart device, and try to use well-known exploits found on the web to intrude. The result that M. Moody and A. Hunter [22] present is that they see that vulnerabilities are shown publicly, but according to the authors it may be difficult for less experienced attackers to use information effectively. The off-the-shelf performance they tried was not successful in the term on manage to intrude. However they point out that damage caused by this kind of successfully attack is still very real.

The paper contributes to this thesis by giving a good example of vulnerabilities in a smart device that is being used in homes around the world. The authors focus on that the in-truder must rely on known tools and Internet resources. Since this thesis involves how open data on Shodan possibly can show vulnerabilities, similarities can be looked at. The authors off-the-shelf performance did not succeed. It can be argued that the authors would get another result if they had used another hack instruction of the publicly available than the one chosen, and then manage to successful intrude. Maybe then the conclusion had not been that it is difficult to attack relying on publicly available sources. Nevertheless, the authors mention in their paper that it can also be that the company of the smart device already have fixed the vulnerability and therefore the attack did not succeed.

(19)

3.4 Embedded systems security: Threats, vulnerabilities, and attack taxonomy

D. Papp et al. [23] conducted a systematic review of the existing threats and vulnerabilities in embedded system based on public available data. To collect detailed information of at-tacks on embedded system they went through computer security conferences and scientific papers with a practical focus. Further they used Common Vulnerabilities and Exposures (CVE) to gain information on vulnerabilities related to embedded system. The result were that they could link some of attacks and vulnerabilities to specific CVE and create an at-tack taxonomy. By the description of a specific CVE, the authors identified atat-tack criteria. Then the attack method and later the vulnerability. By exploiting the vulnerability the attacker can conduct their attack [23].

This paper is relevant for this thesis by providing a way to see how one with public available data can find already known specific vulnerabilities based on the CVE description. This thesis uses open data on Shodan to see if it can be linked to vulnerabilities. One can use CVE to see if a specific smart cameras already have known specific vulnerabilities. This in addition to only link a vulnerability to a more generic as on OWASP.

(20)

4

Research Methodology

This chapter is aimed to describe the research approach undertaken for this thesis and the approach chosen. To answer the research questions, steps are conducted in the following order as shown in figure 4. First a literature study to understand the research area. Next, build and execute python script using Shodan API and also verify the program. Extrac-tion is the part where keywords/elements are chosen before gathering the open data. Then extract the open data that can potentially show vulnerabilities about smart cameras. An-alyze the open data to see if it has vulnerabilities. If enough information to reach a result and answers to the research questions, one is done. If not, look deeper at the already col-lected open data, or do some more gathering until the results are reached. See the following sections for detailed insight. For the workflow, see the schematic overview in Figure 4.

(21)

4.1 Methodology of choice

For this research, a mixed methodology was used. Mixed methodology means that a mix-ture of methods are used to collect data [9]. In this research a literamix-ture study has been done, and also an experiment to collect data. The mixed methodology is used because of the advantage of the internal validity and reliability amplifies [9]. According to S. East-erbrook et al. [9] mixed methodology can be a complex research strategy. However the methodology is selected because of the advantage that emerged in the recognition that all methods have limitations, and that the weaknesses of one method can be compensated for by the strengths of other methods [9]. A method called triangulation has also been used. It is about using different sources of data to confirm results and build a coherent picture [9]. This has been done to raise credibility to this thesis. In some cases a method called member checking have also been performed. Member checking is about going back to re-search participants to ensure that the interpretations of data make sense and consistent with what was stated [9].

To answer the first research question "What kind of open data is available about smart connected cameras" the investigation is made by an experiment that is based on similar procedure as in [6] and [7]. To answering "How can the data found from RQ1 be used to potentially exploit vulnerability?" it is necessary to first find an answer to the first research question. When the first question is answered, the result is used to answer the second question. In the following section 4.2-4.5 the course of action is described in detail. 4.2 Literature Study

A literature study is necessary in order to understand the research area [9]. The litera-ture study was performed, focusing on the smart home in general, smart cameras and the technical aspects. The goal of the literature study was to establish background knowledge in the smart home area, smart cameras and vulnerability in the domain of smart devices. To be able to answer the first research question, and be able to make the program that extract data from Shodan, the literature study was also necessary. Further, the study of vulnerabilities and earlier exploits is necessary for research question two, regarding to reach a conclusion if open data found on the web can cause vulnerabilities.

To use reliable sources the literature search have mainly been done in databases such as Institute of Electrical and Electronics Engineers (IEEE) and Science Direct. Another aspect regarding the literature collection is that the publication is up to date. This because the smart home field is developing fast, and to have the latest most up to date trustworthy information [9]. The keywords that been used for the literature search at the databases, can be found in appendix A.

4.3 Experimental setup

To create the Proof of Concept program, Shodan’s API and Python programming were used. The method is inspired by M. Patton et al. [6] research methodology about using Shodan’s API with Python programming to extract selected data. The procedure was adjusted slightly in the sense that a MySQL database was not used. This was because a database was not needed. Instead the information were saved in a .txt file. The information was saved to a file to have access to the open data, if one wanted to look at the collected data at a later moment. Another difference is that the key target data being extracted are not the same, and instead adjusted to this specific research. If or how a verification of the program by M. Patton et al. [6] was made has not been mentioned in their paper [6]. The

(22)

verification step is for assuring that the created program extract the same open data that can be found on Shodan, and thus publicly on the web for everyone to take part of. 4.3.1 Create the program

To create the program and use Shodan’s API, the first requirement is to get an API key. For this a Shodan account is needed. This particular program was done using Python. Filters were chosen with background on information that were of interest regarding connected cameras. Keywords chosen by the area within the limitations for this thesis, see appendix B for details. The program has also a function to save the collected result local in a file. 4.3.2 Verification of the program

To verify the program, that the collected data that have been extracted from Shodan, ac-tually are the same data that are up on the web for everyone to take part of, cross-reference have been used. This means that from the collected data gathered using the program done in python, samples were chosen. The samples were checked if the same information were up and running on the Shodan’s homepage, and thus the web. All of the collected data that being extracted using the program have to be on Shodan’s homepage. However on Shodan’s homepage more open data can be available. This is possible if only specific open data are being collected by using the program. The specific open data is chosen by the developer of the program, and can be e.g IP-address or country were the smart camera is located. Figure 5 visualizes an example of the extracted data viewed in Windows console and saved down to a file. This banner information is from a smart camera that is open to everyone to take part of on Shodan.

Figure 5: Gathered example of open data visualized through Windows console in this figure.

In figure 5 the result from the program is shown in Windows console. The result match the result shown on Shodan’s web, and shown in figure 6 in the left upper corner, and in the middle to the right. Thus, in the program in figure 5, filter have been used. Using filter means that in figure 5 the collected open data shown, is not all of the collected data that might be up on the Shodan web about that specific smart camera. In the code, filter of what kind of open data one is interested in to look at are decided. In this case it is as can be seen in figure 5 IP-address, HTTP status etc. It can also exist more open data than the information being extracted on that particularly smart camera. Therefore more

(23)

information are visualized on Shodan’s page (print screen) as for e.g location and ports while the program uses filter. The open data that has been hidden are e.g information that can potentially lead direct to individuals.

Figure 6: Gathered example of open data visualized online.

In figure 6 the open data that matches the program that uses filter shown in figure 5 are marked in the boxes. The other information shown, are not shown in figure 5, this is because filter in the code are only extracting the specific open data that were specified.

(24)

4.4 Procedure

4.4.1 Extract the open data and filtration

When the experimental setup had been done, the program been created and cross-referenced, it was time to execute the program created in 4.3.1. If there are any data at all up on Shodan about smart cameras unprotected, this indicates right away that vulnerabilities exist. The time frame that the data was extracted from Shodan is stated in section 1.4. Before starting the program, search keywords were chosen. For the search filters and key-words that were used to collect the result, see appendix B. Per search 100 results could be collected depending on the restrictions in Shodan’s free account. Also limitations in the filters are due to restrictions in the free account [11]. Figure 7 shows a schematic figure of the extract data step of the research workflow as seen in figure 4. By using the program built in python, and using Shodan API, the data from Shodan’s database were collected and saved to a file for later analysis.

Figure 7: Illustration of the extracted data step that is a step of the research workflow.

4.4.2 Data analysis

In this step when the open data had been collected, next thing to do was to look at how this open data can be used in order to potentially exploit vulnerabilities. The open data collected by the program are viewed by using CVE and OWASP, to look for vulnerabilities and to compare. Keywords as connected camera were used in the CVE database. See table 3 appendix B, for search criteria in CVE’s database. These keywords was also the same keywords used on Shodan’s database to visualize figure 9. Literature collected in the first step, as related work and referenced sources are being used. If more data was required a new search was done. Some changes in the filtration due to change of keywords before extracting more information. Repeated until result to answering research questions were found.

(25)

5

Result and Analysis

5.1 The program

The program that has been created for collecting the open data, was created using Python. The program was verified according to description in section 4.3.2 in the Research Method-ology chapter. Figure 8 shows the system architecture of the program that extracts the open data seen in figure 7. The use of Shodan API to access the Shodan.io and thereby the Shodan’s database with the open data. Services includes filtration of the open data regarding smart cameras. The extraction part to extract the information down to a com-puter, and later the process for saving it local in a file.

Figure 8: System Architecture

5.1.1 Collected open data on smart cameras

In the matter of what kind of open data is available about smart cameras on the web by using Shodan’s search engine, the result is that there are hundreds of thousands smart cameras online with open data that are presented in table 1. The open data that was available in all the banners collected, and also available on the web for anyone to take part of included: location to the smart cameras positions, which ports that are open to the smart camera, hostnames and organization.

Depending on what keywords one uses, different hits will be visualized. When the search for only the keywords "Smart Camera", "Network Camera", "Connected Camera" and "IP Camera" the hits were in total 182 291. The specific hits per search key can be viewed in appendix B table 4. In figure 9, the position of the 182 291 connected cameras are shown around the world. The red dots on the map in figure 9 are connected cameras that is up publicly on Shodan for everyone to gain information on and potentially also image/videos

(26)

from these connected cameras. The dots are only showing the connected cameras limited to the specific search criteria with the three keywords mentioned earlier in this paragraph, and the red dots reveals their locations. The smart cameras are mainly concentrated to Europe, America and east Asia as figure 9 shows.

Figure 9: Graphic vision of the position of the connected cameras in table 4.

For some smart cameras there are more open data and the information can differ a bit. This can depend, due to what vulnerabilities that are being exploited. Also the data dif-fers, due to product type, software, whether authentication or not is used etc. In table 1 some of the open data are shown with comments, that are in later sections linked to vulnerabilities found due to that this information is on Shodan. The table 1 was obtained from the open data extracted from Shodan with the banner information.

Table 1: Example on open data available on smart cameras Available open data example Comment

Position of the smart camera Information on the exact location of the smart camera.

Product information Everything from Product name of the spe-cific device, manufacturer, firmware ver-sion, software details.

Port and Transport Port number for the service and either "UDP" or "TCP"

Default passwords That can be used to access the camera Pictures/Video Access to see live streaming from chosen

camera

Authentication Status (HTTP) Could be e.g 200 OK or 401 Unauthorized etc.

(27)

example of a connected camera with the open data stated in table 1, that has been found due to insecure configuration management vulnerability. The connected camera has ser-vices listening over ports. The open ports were 21, 80, 554, 45154, 46638, 49152 and 5438. Among these ports it is also shown that the system using a non-secure protocol HTTP that state the status code 200 OK, meaning request succeeded and results will load without any authentication, at least not initially. This connected camera is described more in detail in section 5.2.5.

5.2 The vulnerabilities

5.2.1 Specific vulnerabilities linked to CVE-2011-5261

The vulnerability description on CVE-2011-5261, states that in the specific Network Cam-era firmware 5.21 and earlier, allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml [18]. This type of attack means that the attacker will find vulnerable points in a computer or network’s software to access the machine or a system [24]. To find CVE-2011-5261 one can search in the CVE database with keyword(s). This vulnerability was chosen because the vulnerability was found by searching on the CVE database with the same keyword(s) that gave result on the Shodan’s search engine from the search criteria shown in table 2. Keyword "Network Cameras" gave 15 hits on the CVE database. Out of this 15 hits, CVE-2011-5261 match the 77 Network Camera with firmware 5.21 and earlier versions shown in table 2.

5.2.2 Collected open data matching CVE-2011-5261

By the period stated in section 1.4, 182 291 connected cameras was up and running on Shodan. Of these devices, one filtration was based on CVE-2011-5261 [18] and looked at more in detail. This to see if it was potentially any smart cameras up and running unpro-tected even though there are known common vulnerability tied to it. In table 2, one can see how the hits narrows down when more keywords are added. 77 network cameras are matching this specific common vulnerability CVE-2011-5261.

Table 2: The extracted data with search criteria based on CVE-2011-5261

Hits Search Criteria Comments

33 808 Network Camera

330 Network Camera and M1054 M1054 is the product number of the smart device 77 Network Camera and M1054 Firmware 5.21 and earlier

49 Network Camera and M1054 and 5.21 Firmware 5.21

The search based criteria in table 2, shows that in total 77 connected cameras running open on the web matching CVE -2011-5261 [18], even though there is known common vulnerability tied to the devices firmware. Of these 77 cameras, 49 smart cameras had the specific firmware 5.21.

In figure 10 the first section shows the 49 hits where the smart cameras are located with firmware 5.21. To look more deep on what kind of information one can gain, the country Italy and the city Florence are chosen to demonstrate in the example, The information can also be shown for the other countries and cities. Florence are only chosen as an example to visualized this. The next column visible specific were in the cities of Italy. Next the organization that assigns the IP and Internet Service Provider (ISP) on the smart cameras

(28)

in Florence, which in this case are the same. The IP addresses are covered but their open ports are shown. In figure 11 the information about port 21 and 80 are shown.

Figure 10: Overview on the collected banner narrowed down to the hits in Florence, Italy.

Figure 11: Textual information of two of the ports of the smart cameras with the CVE-2011-5261 vulnerability.

(29)

5.2.3 Insecure Configuration Management

Configuration management (CM) is a process for establishing and maintaining consistency of a product’s performance, physical attributes, functional and operational information throughout its lifetime. Lack of configuration management can lead to insecure configura-tion management (ICM) and can be very expensive as it can lead to large consequences, such as failing equipment or entrance to be able to trespass for attackers [24]. Application server configurations play a key role in the security of a web application. There are a variety of server configuration problems [24] that can effect the security. Insecure configu-ration can be in several different places including platform, web server, application server and database [24].

The open data found on Shodan from research question one, show that the data can be used to exploit the vulnerability of insecure configuration management. This because the open data found, shows that some software are out of date (as in case with the 77 connected cameras that had old firmware in section 5.2.1). Unnecessary features enabled or installed (or at least not secure enough if needed) as ports, use of HTTP instead of HTTPS etc. It is clear that the data can be used for insecure configuration management vulnerability. Software updates should never fail or compromise a smart device system [24]. Some of the versions of the software found was out of date. This opens up for vulnerability. See concrete example in figure 13 that has a web interface that increases the vulnerability [23] [24]. The fact that the smart cameras are visible, means that the vulnerability is confirmed. Regarding the smart camera in 5.2.5, settings and permission for accounts are not done properly, leaving the device wide open on the web. This includes also unneces-sary features enabled as open ports. In section 5.2.2 smart camera with old firmware are still being used and have not been updated, even though vulnerability has been discovered. Ports are responsible for allowing data to be sent and received and gain access to take control of computers. If a port is always open so a web page can send and receive messages through it, one can gain access through that port, as in the example in 5.2.5 [24]

5.2.4 Insufficient authentication

Anyone who has access to the web interface and therefore the open data found on Shodan, can use the insecure password discovered [23] on Shodan. In some of the banners that were collected, information was given that the default passwords were unchanged.

Many of the smart cameras use default or weak passwords [23] and some devices had no authentication at all, due that one could directly see what a camera watches without con-necting to the specific device itself, through the homepage. Result from research question one shows evidence of this. In figure 12, a connected camera on Shodan shows streaming the footages to the visitors on Shodan. This made possible due to use the vulnerabilities that the open data Shodan brought on the device for anyone to take part of. For this specific device the only thing one needs from the open data is to find the connected camera, due to "right" search criteria. In this case "Connected camera" with banner information tied to "default password". This make it possible to bypass access control mechanism rather easily with minimal efforts [23] through passive reconnaissance. Figure 12 visualize an example of this. The smart cameras has banner information Status Code 1.1 200 OK, and that request has succeeded as figure 12 visualize. The information returned with the response depends on the method used in the request. Figure 12 shows a smart camera that has insufficient authentication where the content of the smart cameras are running on the web

(30)

and made possible by open data on Shodan and by the "nigeria hacker" shown in figure 12. Potentially exploits can be done from using this default password to gain access to the web browser and through it also the connected camera as shown in 12. From the gathered open data in this thesis, banners text included information about the default password to access the web browser for the specific device in the banner information.

(31)

5.2.5 Vulnerability example tied to a specific smart camera

Figure 13 is an example of a smart camera with vulnerability found through Shodan’s database. When searching on the specific smart camera online, one can find the product manual with all the information about the device. How one shall change passwords, control the device and information about security features.

The smart camera found, has a built-in web server that provides access to all features through the use of a web browser. This is visualized in figure 13. To access the camera from the Internet the owner of the device must first configure the router/firewall to allow the incoming data traffic. For security reasons this is usually done on a specific port. For this specific smart device found on Shodan the open ports was in total seven ports, as mentioned in section 5.1.1.

Because the smart camera has a built-in web server that provides full access to all the features through the specific web browsers Internet Explorer and Mozilla Firefox. It also entails that everyone that finds this open data on Shodan (or gain access in any other way) gain full access to the device and all the function that can operate the smart camera. This includes everything from move the camera, turn on and turn off the camera, change brightness and sound settings and so on. In table 6 in appendix B search criteria for the specific smart camera are shown. There were in total 577 of this particular smart camera on Shodan.

(32)

5.3 Analysis of the result

Open data was found on Shodan, and thereby on the web about smart connected cam-eras. The open data found on Shodan can potentially be used to exploit vulnerabilities. In some cases this is already happend, as seen in the example in figure 12. The primarily vulnerabilities tied to the open data found were insecure configuration management due to open ports, software out of date and insufficient authentication. Internet facing devices are potentially exploitable by remote attackers if the device is connected to the Internet [23]. That smart cameras are up on the web running, shows right away that vulnerability exist due to this type of smart devices. Attackers does not necessarily need to have access privileges. The only requirement is that the attacker can potentially discoverer the Internet facing device and send messages to it via the network [23] as in the cases, with the open data found on Shodan as in 5.2.4 and 5.2.5.

Through passive reconnaissance, services were found that are prone to CVE-2011-5261. This identifies an attack surface or a potential to allow remote attackers to inject ar-bitrary scripts etc. To determine whatever the vulnerability can be exploited an intru-sive/aggressive test is needed. This is beyond the scope of this thesis. Also to try to use the default password found in the text banners is also beyond the scope of this thesis. However example 5.2.4 and 5.2.5 shows that other uses the vulnerabilities to bypass and therefore others can through passive reconnaissance see broadcast surveillance and thus sensitive data for the owner of the connected camera. Potential consequences of the vul-nerabilities identified, is that the connected camera can potential reveal information about the individuals in the household. This information can affect the individual not only in the households but also in their life outside the home, depending on the information and were the information spreads. How can the household members have overall control over their data that are being collected from the smart camera. If an attack occur, as espionage how can the owner of the devices know this, when the connected camera acting without user awareness or maybe even control. If an attacker collecting pictures or videos and can link it to a specific location, as made possible with the open data on Shodan, the information can possible be used to gain knowledge of the habits of the individuals in the area were the smart camera are being used. With this information an attacker can for example potentially plan what time is the best to make a burglary. The videos the smart device collect can often be highly personal and also sensitive. By the vulnerabilities found, this introduces new ways for attackers to collect and processing such information. The research of this thesis shows that vulnerabilities exist that are tied to the open data that was found on Shodan. If the vulnerabilities as insecure configuration management and insufficient authentication, takes advantages of, can this potentially effect the inhabitants in several ways as the are more than the owner of the smart camera connected to the device and monitoring the home. Then depending on what the intruder chooses to do with the gathered information the impact of the inhabitants can be different.

There are vulnerabilities without risk. This means that some of the 182 291 connected cameras that were found broadcasting their position on the web and the information stated in table 1, the loss if an attacker intrude has no value. Even though it may seem hard to think that it could be no affect at all if active reconnaissance occur, theoretically this could be the case in some of the 182 291 found connected cameras.

(33)

6

Discussion

6.1 Related work

M. Moody and A. Hunter [22] result found that there are vulnerabilities shown publicly on the Internet regarding the smart device the authors looked at, as this thesis also found using Shodan’s search engine about connected cameras. M. Patton et al. [6], L. Markowsky and G. Markowsky [7] used Shodan as a method for gathering open data about smart devices. Shodan was also used in this thesis. Both [6] and [7] looked at other smart devices than connected cameras that was investigated in this thesis. The common factors, even if the specific smart devices was not the same ones, their research results, so as in the result of this thesis, is that open data occur on smart devices in a large set and vulnerabilities exist. 6.2 Limitations discussion

The findings can differ a bit depending on the search date, and therefore the precisely result presented in section 5.1.1 (amount of hits for the specific search criteria). That there are open data on connected cameras are certain, but the amount of hits will change and the information that are publicly available. This because the connected cameras that are up and running on Shodan, can be for example turned off and no longer having access to the Internet. It could also mean the vulnerability due to that it was up on Shodan in the first place has been taking care of. The open data visible can also change for e.g if an open port is closed etc. This is why the time frame that the open data are extracted from Shodan is presented in section 1.4 and important to keep in mind if one should try the exact same search criteria used in this thesis. The time frame when the scanning procedure took place are not presented in [6] and [7]. As stated in section 1.4 there was no attempt to active reconnaissance, only passive reconnaissance, and thus work towards answering the research questions.

6.3 Methodology Discussion

By following the research workflow in figure 4 the research questions could be answered. The keywords, both regarding the literature study and the keywords for finding open data about smart cameras had a critical part to be able to answer the research questions. The methodology was based on similar procedure as in [6] and [7]. The program was good for organizing the extracted open data based on the search criteria and an easy way to gather the information fast. If one wants to extract big data from Shodan, one must have a payment account. For this thesis it was not needed to reach the answers for the research questions. Triangulation have also been used, which is using different sources of data to confirm results and build a coherent picture [9]. In some cases member checking was performed. That the publication is up to date for the references used in this thesis due to that the field is developing fast, was taken into consideration.

6.4 Ethics

The parts about the open data and vulnerabilities might lead to discussion regarding integrity. The parts that can directly be linked to this have been covered in this thesis. This includes e.g IP addresses, specific location (longitude and latitude), company name and so on.

(34)

7

Conclusion and Future work

7.1 Answering the research questions

In section 1.3 the research questions were presented for this thesis. Research question 1: What kind of open data is available about smart connected cameras? and research ques-tion 2: How can the data found from RQ1 be used to potentially exploit vulnerability. By constructing a program that collects open data about smart cameras, using python and Shodan API, the RQ 1 could be answered. The conclusion on what kind of open data that is available about Smart cameras are location of the devices positions, IP addresses, open port to the connected devices, specific product information as firmware, product model, and so on, presented in chapter 5. By studying the result of the available open data, the vulnerabilities tied to the open data could be found as insecure configuration management, Insufficient authentication, and also tied to specific CVE and thereby answering research question two.

7.2 Future Work

The intent of smart cameras is to remote monitoring a homeowner home (or company), but given the vulnerabilities shown, the owner of the smart camera may not be the only one monitoring the home. The thesis investigates about open data on the specific search engine Shodan and vulnerabilities caused by this. Some of the open data about smart cameras that are existing on Shodan has been presented. The found open data shows vulnerabili-ties. Both vulnerability in general and a specific vulnerability tied to a specific CVE and product. Vulnerability found were due to insecure configuration management, insufficient authentication, and that the smart cameras are connected to the Internet shown on a pub-lic environment. The future work that this research could contribute to is by showing that open data is available about smart cameras and some of its cause. Future work could be to examine what kind of attacks that can occur with this open data and vulnerabilities, due this was beyond the scope of this thesis.

(35)

References

[1] C. Lee, L. Zappaterra, Kwanghee Choi and Hyeong-Ah Choi, "Securing smart home: Technologies, security challenges, and security requirements," 2014 IEEE Conference on Communications and Network Security, San Francisco, CA, 2014, pp. 67-72. doi: 10.1109/CNS.2014.6997467

[2] M. Nawir, A. Amir, N. Yaakob and O. B. Lynn, "Internet of Things (IoT): Taxonomy of security attacks," 2016 3rd International Conference on Electronic Design (ICED), Phuket, 2016, pp. 321-326. doi: 10.1109/ICED.2016.7804660

[3] J. Wurm, K. Hoang, O. Arias, A. R. Sadeghi and Y. Jin, "Security analysis on consumer and industrial IoT devices," 2016 21st Asia and South Pacific Design Au-tomation Conference (ASP-DAC), Macau, 2016, pp. 519-524. doi: 10.1109/ASP-DAC.2016.7428064

[4] Bodenheim, R., Butts, J., Dunlap, S., Mullins and B. "Evaluation of the ability of the Shodan search engine to identify Internet-facing industrial control devices" International Journal of Critical Infrastructure Protection, vol. 7, no. 2, pp. 114-123, 2014, [online] Available: http://doi.org/10.1016/j.ijcip.2014.03.001

[5] J. Bugeja, A. Jacobsson and P. Davidsson, "On Privacy and Security Challenges in Smart Connected Homes," 2016 European Intelligence and Security Informatics Con-ference (EISIC), Uppsala, Sweden, 2016, pp. 172-175. doi: 10.1109/EISIC.2016.044 [6] M. Patton, E. Gross, R. Chinn, S. Forbis, L. Walker and H. Chen, "Uninvited

Con-nections: A Study of Vulnerable Devices on the Internet of Things (IoT)," 2014 IEEE Joint Intelligence and Security Informatics Conference, The Hague, 2014, pp. 232-235. doi: 10.1109/JISIC.2014.43

[7] L. Markowsky and G. Markowsky, "Scanning for vulnerable devices in the Internet of Things," 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), Warsaw, 2015, pp. 463-467. doi: 10.1109/IDAACS.2015.7340779

[8] Nunamaker, J.F., Jr.; Chen, M., "Systems development in information systems re-search," in System Sciences, 1990., Proceedings of the Twenty-Third Annual Hawaii International Conference on , vol.iii, no., pp.631-640 vol.3, 2-5 Jan 1990

[9] Easterbrook, S., Singer, J., Storey, M.-A., Damian, D.: Selecting Empirical Meth-ods for Software Engineering Research. In: Guide to Advanced Empirical Software Engineering. pp. 285–311. Springer (2008)

[10] Home page. Retrieved June 18, 2017 https://www.shodan.io/search?query=refrigerator [11] John Matherly, Complete Guide to Shodan, Shodan, LLC (2016-02-25)

[12] K. Loukil, M. Khalfa, M. Wassim Jmal, T. Frikha and M. Abid, "Design and test of smart IP-camera within reconfigurable platform," 2017 2nd International Con-ference on Anti-Cyber Crimes (ICACC), Abha, 2017, pp. 25-29. doi: 10.1109/Anti-Cybercrime.2017.7905257

[13] O.H. Alhazmi, Y.K. Malaiya, I. Ray "Measuring, analyzing and predicting security vulnerabilities in software systems" 2007 Computers & Security 26.

(36)

[14] Home page. Retrieved June 22, 2017 https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=smart+camera 526 smart camera

[15] Home page. Retrieved June 22,2017 https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=connected+camera connected camera

[16] Home page. Retrieved July 15, 2017 https://cve.mitre.org/about/introduction [17] M. Lee, K. Lee, J. Shim, S. j. Cho and J. Choi, "Security threat on wearable

ser-vices: Empirical study using a commercial smartband," 2016 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia), Seoul, 2016, pp. 1-5. doi: 10.1109/ICCE-Asia.2016.7804766

[18] Home page. Retrieved July 28, 2017 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5261

[19] Home page. Retrieved July 28, 2017 https://www.owasp.org/index.php/Main_Page [20] Home page. Retrieved July 15,2017

http://whatis.techtarget.com/definition/passive-reconnaissance

[21] J. Ahamed and A. V. Rajan, "Internet of Things (IoT): Application systems and security vulnerabilities," 2016 5th International Conference on Electronic De-vices, Systems and Applications (ICEDSA), Ras Al Khaimah, 2016, pp. 1-5. doi: 10.1109/ICEDSA.2016.7818534

[22] M. Moody and A. Hunter, "Exploiting known vulnerabilities of a smart thermostat" 2016 14th Annual Conference on Privacy, Security and Trust (PST), Auckland, 2016, pp. 50-53. doi: 10.1109/PST.2016.7906936

[23] D. Papp, Z. Ma and L. Buttyan, "Embedded systems security: Threats, vulnerabil-ities, and attack taxonomy," 2015 13th Annual Conference on Privacy, Security and Trust (PST), Izmir, 2015, pp. 145-152. doi: 10.1109/PST.2015.7232966

[24] J. Ahamed and A. V. Rajan, "Internet of Things (IoT): Application systems and security vulnerabilities," 2016 5th International Conference on Electronic Devices, Systems and Applications (ICEDSA), Ras Al Khaimah, 2016, pp. 1-5.

(37)

A

Search criteria

The referenced papers presented in this thesis are based on the keywords presented below. The databases searched in were mostly Institute of Electrical and Electronics Engineers (IEEE) and Science Direct.

• Smart homes IoT and Vulnerability • Smart homes IoT and Risk

• Smart homes and Vulnerability • Smart Devices and Vulnerability • Shodan

• Shodan search engine • OWASP

• OWASP and IoT

(38)

B

Filter and Keywords

In this thesis the search criteria in the Common Vulnerabilities and Exposures’s (CVE) database are presented below in table 3.

Table 3: Hits in the search about Smart cameras in CVE’s database

Hits Keywords

526 Smart camera

277 Connected camera

27 Network camera

15 Network cameras

Table 4: Hits in the first general search about Smart cameras on Shodan Hits Search Criteria

33 808 Network Camera

51 Smart Camera

13 Connected Camera

148 419 IP Camera

Table 5: The extracted data with search criteria (filtration) based on CVE-2011-5261

Hits Search Criteria Comments

33 808 Network Camera

330 Network Camera and M1054 M1054 is the product number of the smart device 77 Network Camera and M1054 Firmware 5.21 and earlier

49 Network Camera and M1054 and 5.21

Table 6: Filtration based on specific smart camera in section 5.2.5

Hits Search Criteria Comments

33 808 Network Camera

557 Network Camera and Product Name Du to protect the company the product name on the smart device are not shown

Figure

Figure 1 is a simplified example of a scenario for a smart home, where one of the smart devices in the home is an IP Camera
Figure 2: Example one of a banner
Figure 4: Research workflow
Figure 5: Gathered example of open data visualized through Windows console in this figure.
+7

References

Related documents

46 Konkreta exempel skulle kunna vara främjandeinsatser för affärsänglar/affärsängelnätverk, skapa arenor där aktörer från utbuds- och efterfrågesidan kan mötas eller

The increasing availability of data and attention to services has increased the understanding of the contribution of services to innovation and productivity in

Generella styrmedel kan ha varit mindre verksamma än man har trott De generella styrmedlen, till skillnad från de specifika styrmedlen, har kommit att användas i större

Parallellmarknader innebär dock inte en drivkraft för en grön omställning Ökad andel direktförsäljning räddar många lokala producenter och kan tyckas utgöra en drivkraft

Närmare 90 procent av de statliga medlen (intäkter och utgifter) för näringslivets klimatomställning går till generella styrmedel, det vill säga styrmedel som påverkar

Den förbättrade tillgängligheten berör framför allt boende i områden med en mycket hög eller hög tillgänglighet till tätorter, men även antalet personer med längre än

På många små orter i gles- och landsbygder, där varken några nya apotek eller försälj- ningsställen för receptfria läkemedel har tillkommit, är nätet av

POSLTOOL1003=1 ; Nastavení GUD proměnné na hodnotu, která signalizuje, že obráběnítřetím obráběcím nástrojem bylo dokončeno a že obrábění (kanál 1) v