Testing Security for Internet of Things: A Survey on Vulnerabilities in IP Cameras
The number of devices connected to the Internet is growing rapidly. Many of these devices are referred to as IoT devices. They are easy to connect and to access over the Internet. Many of them, though, come with security flaws and vulnerabilities that make them easy targets for attackers, something that has received a lot of media coverage lately. An IP camera is a typical example of an IoT device, and is used for various purposes, e.g., industrial surveillance, home surveillance, baby monitors, elderly monitoring, social interaction, movement tracking, etc. Devices of this kind are often powerful, both in computing and bandwidth, which makes them very attractive to attackers, who can abuse them in additional attacks such as distributed denial of service (DDoS) attacks.
This thesis investigates and presents a few methods used to find and hack IoT devices. We then apply these methods to IP cameras, where the focus is to examine the impact of these attacks on security and privacy, and to what extent the normal end user can affect (strengthen or weaken) the security. The methods used are based on previous attacks on IP cameras together with a few other tools used in ethical hacking.
The results of the research show that there are vulnerabilities in many of these devices, and that these vulnerabilities have different impacts on security. One vulnerability common to many devices is default credentials, which an attacker can easily guess (the Mirai botnet is an example of this kind of exploitation). The credentials should be changed by the end user.
The consequences and impacts of these attacks are discussed extensively, followed by solutions or suggestions for improving the security. Although the vulnerabilities usually lie with the manufacturer, much can be done by an end user as well.