TY - JOUR
T1 - Rethinking Privacy Risks from Wireless Surveillance Camera
AU - Huang, Qianyi
AU - Lu, Youjing
AU - Luo, Zhicheng
AU - Wang, Hao
AU - Wu, Fan
AU - Chen, Guihai
AU - Zhang, Qian
N1 - Publisher Copyright:
© 2023 Association for Computing Machinery.
PY - 2023/3/1
Y1 - 2023/3/1
N2 - Wireless home surveillance cameras are gaining popularity in elderly/baby care and burglary detection in an effort to make our life safer than ever before. However, even though the camera's traffic is encrypted, attackers can still infer what the residents are doing at home. Although this security loophole has been reported, it does not attract much attention from the public, as it requires the attacker to be in close proximity to the camera and have some prior knowledge about the victims. Due to these requirements, the attacker has a low chance of success in the real world. In this article, we argue that the capability of attackers has been greatly underestimated. First, the attacker can leverage the characteristics of video transport protocols to recover the metadata of missing packets. Second, the attacker can build the inference model using the public datasets and adapt the model to the real traffic. Thus, the attacker can launch the attack at a distance from the camera, without prior knowledge about the victim. We also implement this attack scenario and verify that the attacker can infer the victims' activities at a distance as large as 40 m without any knowledge about the victim, neither personal nor environmental.
AB - Wireless home surveillance cameras are gaining popularity in elderly/baby care and burglary detection in an effort to make our life safer than ever before. However, even though the camera's traffic is encrypted, attackers can still infer what the residents are doing at home. Although this security loophole has been reported, it does not attract much attention from the public, as it requires the attacker to be in close proximity to the camera and have some prior knowledge about the victims. Due to these requirements, the attacker has a low chance of success in the real world. In this article, we argue that the capability of attackers has been greatly underestimated. First, the attacker can leverage the characteristics of video transport protocols to recover the metadata of missing packets. Second, the attacker can build the inference model using the public datasets and adapt the model to the real traffic. Thus, the attacker can launch the attack at a distance from the camera, without prior knowledge about the victim. We also implement this attack scenario and verify that the attacker can infer the victims' activities at a distance as large as 40 m without any knowledge about the victim, neither personal nor environmental.
KW - Home surveillance camera
KW - security and privacy
UR - http://www.scopus.com/inward/record.url?scp=85166352419&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85166352419&partnerID=8YFLogxK
U2 - 10.1145/3570504
DO - 10.1145/3570504
M3 - Article
AN - SCOPUS:85166352419
SN - 1550-4859
VL - 19
JO - ACM Transactions on Sensor Networks
JF - ACM Transactions on Sensor Networks
IS - 3
M1 - 60
ER -