Affiliation:
1. Sun Yat-sen University & Peng Cheng Laboratory
2. Shanghai Jiao Tong University
3. Southern University of Science and Technology
4. Rutgers University
5. Hong Kong University of Science and Technology
Abstract
Wireless home surveillance cameras are gaining popularity in elderly/baby care and burglary detection, trying to make our life safer than ever before. However, even though the camera’s traffic is encrypted, the malicious guy can still infer what the residents are doing at home. Although this security loophole has been reported, it does not attract much attention from the public, as it requires the attacker to be in close proximity to the camera and have some prior knowledge about the victims. Due to these requirements, the attacker has a low chance of success in the real world. In this paper, we argue that the capability of attackers has been greatly underestimated. First, the attacker can leverage the characteristics of video transport protocols to recover the metadata of missing packets. Second, the attacker can build the inference model using the public datasets and adapt the model to the real traffic. Thus, the attacker can launch the attack at a distance from the camera, without prior knowledge about the victim. We also implement this attack scenario and verify that the attacker can infer the victims’ activities at a distance as large as 40m without any knowledge about the victim, neither personal nor environmental.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications
Reference35 articles.
1. Keeping the Smart Home Private with Smart(er) IoT Traffic Shaping
2. Noah Apthorpe Dillon Reisman and Nick Feamster. 2017. A smart home is no castle: Privacy vulnerabilities of encrypted iot traffic. arXiv preprint arXiv:1705.06805(2017). Noah Apthorpe Dillon Reisman and Nick Feamster. 2017. A smart home is no castle: Privacy vulnerabilities of encrypted iot traffic. arXiv preprint arXiv:1705.06805(2017).
3. On Detecting Hidden Wireless Cameras: A Traffic Pattern-based Approach
4. HomeSpy: Inferring User Presence via Encrypted Traffic of Home Surveillance Camera
5. I Know What You Saw Last Minute—Encrypted HTTP Adaptive Video Streaming Title Classification