Malmö University Publications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
An Investigation of Vulnerabilities in Smart Connected Cameras
Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).ORCID iD: 0000-0003-0546-072X
Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).
Malmö University, Internet of Things and People (IOTAP). Malmö University, Faculty of Technology and Society (TS), Department of Computer Science and Media Technology (DVMT).ORCID iD: 0000-0002-8512-2976
2018 (English)In: 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), IEEE, 2018, p. 656-661Conference paper, Published paper (Refereed)
Abstract [en]

The Internet of Things is enabling innovative ser-vices promising added convenience and value in various domains such as the smart home. Increasingly, households, office envi-ronments and cities, are being fitted with smart camera systems aimed to enhance the security of citizens. At the same time, sev-eral systems being deployed suffer from weak security implemen-tations. Recognizing this, and to understand the extent of this situation, in this study we perform a global vulnerability assess-ment using the Shodan search engine and the Common Vulnera-bilities and Exposures database. This is done to detect smart con-nected cameras exposed on the Internet alongside their sensitive, potentially private, data being broadcasted. Furthermore, we discuss whether the discovered data can be used to compromise the safety and privacy of individuals, and identify some mitiga-tions that can be adopted. The results indicate that a significant number of smart cameras are indeed prone to diverse security and privacy vulnerabilities.

Place, publisher, year, edition, pages
IEEE, 2018. p. 656-661
Series
International Conference on Pervasive Computing and Communications, ISSN 2474-2503
Keywords [en]
IoT, IoT security, Shodan, smart connected cameras, smart connected homes, vulnerabilities
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:mau:diva-12708DOI: 10.1109/PERCOMW.2018.8480184ISI: 000541062400110Scopus ID: 2-s2.0-85056473592Local ID: 26328ISBN: 978-1-5386-3227-7 (electronic)ISBN: 978-1-5386-3228-4 (print)OAI: oai:DiVA.org:mau-12708DiVA, id: diva2:1409755
Conference
IEEE PerCom 2018 - Second International Workshop on Pervasive Smart Living Spaces (PerLS 2018), Athens, Greece (19 March - 23 March)
Available from: 2020-02-29 Created: 2020-02-29 Last updated: 2025-02-04Bibliographically approved
In thesis
1. Smart connected homes: concepts, risks, and challenges
Open this publication in new window or tab >>Smart connected homes: concepts, risks, and challenges
2018 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The growth and presence of heterogeneous connected devices inside the home have the potential to provide increased efficiency and quality of life to the residents. Simultaneously, these devices tend to be Internet-connected and continuously monitor, collect, and transmit data about the residents and their daily lifestyle activities. Such data can be of a sensitive nature, such as camera feeds, voice commands, physiological data, and more. This data allows for the implementation of services, personalization support, and benefits offered by smart home technologies. Alas, there has been a rift of security and privacy attacks on connected home devices that compromise the security, safety, and privacy of the occupants. In this thesis, we provide a comprehensive description of the smart connected home ecosystem in terms of its assets, architecture, functionality, and capabilities. Especially, we focus on the data being collected by smart home devices. Such description and organization are necessary as a precursor to perform a rigorous security and privacy analysis of the smart home. Additionally, we seek to identify threat agents, risks, challenges, and propose some mitigation approaches suitable for home environments. Identifying these is core to characterize what is at stake, and to gain insights into what is required to build more robust, resilient, secure, and privacy-preserving smart home systems. Overall, we propose new concepts, models, and methods serving as a foundation for conducting deeper research work in particular linked to smart connected homes. In particular, we propose a taxonomy of devices; classification of data collected by smart connected homes; threat agent model for the smart connected home; and identify challenges, risks, and propose some mitigation approaches.

Place, publisher, year, edition, pages
Malmö university. Faculty of Technology and Society, 2018
Series
Studies in Computer Science ; 7
Keywords
Smart Connected Homes, Internet of Things, Smart Home Devices, Data Lifecycle, Security Risks, Privacy Management, Vulnerability Assessment, Security Mitigations, Threat Agents, Smart Home Services, System Architecture
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mau:diva-7793 (URN)10.24834/2043/25061 (DOI)25061 (Local ID)9789171049292 (ISBN)9789171049308 (ISBN)25061 (Archive number)25061 (OAI)
Presentation
2018-09-03, Storm, Gäddan, 15:15 (English)
Opponent
Note

Note: The papers are not included in the fulltext online.

Available from: 2020-02-28 Created: 2020-02-28 Last updated: 2024-03-18Bibliographically approved
2. On Privacy and Security in Smart Connected Homes
Open this publication in new window or tab >>On Privacy and Security in Smart Connected Homes
2021 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The growth and presence of heterogeneous sensor-equipped Internet-connected devices inside the home can increase efficiency and quality of life for the residents. Simultaneously, these devices continuously collect, process, and transmit data about the residents and their daily lifestyle activities to unknown parties outside the home. Such data can be sensitive and personal, leading to increasingly intimate insights into private lives. This data allows for the implementation of services, personalization support, and benefits offered by smart home technologies. Alas, there has been a surge of cyberattacks on connected home devices that essentially compromise privacy and security of the residents.

Providing privacy and security is a critical issue in smart connected homes. Many residents are concerned about unauthorized access into their homes and about the privacy of their data. However, it is typically challenging to implement privacy and security in a smart connected home because of its heterogeneity of devices, the dynamic nature of the home network, and the fact that it is always connected to the Internet, amongst other things. As the numbers and types of smart home devices are increasing rapidly, so are the risks with these devices. Concurrently, it is also becoming increasingly challenging to gain a deeper understand- ing of the smart home. Such understanding is necessary to build a more privacy-preserving and secure smart connected home. Likewise, it is needed as a precursor to perform a comprehensive privacy and security analysis of the smart home.

In this dissertation, we render a comprehensive description and account of the smart connected home that can be used for conducting risk analysis. In doing so, we organize the underlying smart home devices ac- cording to their functionality, identify their data-collecting capabilities, and survey the data types being collected by them. Such is done using the technical specification of commercial devices, including their privacy policies. This description is then leveraged for identifying threats and for analyzing risks present in smart connected homes. Such is done by analyzing both scholarly literature and examples from the industry, and leveraging formal modeling. Additionally, we identify malicious threat agents and mitigations that are relevant to smart connected homes. This is performed without limiting the research and results to a particular configuration and type of smart home.

This research led to three main findings. First, the majority of the surveyed commercial devices are collecting instances of sensitive and personal data but are prone to critical vulnerabilities. Second, there is a shortage of scientific models that capture the complexity and heterogeneity of real-world smart home deployments, especially those intended for privacy risk analysis. Finally, despite the increasing regulations and attention to privacy and security, there is a lack of proactive and integrative approaches intended to safeguard privacy and security of the residents. We contributed to addressing these three findings by developing a framework and models that enable early identification of threats, better planning for risk management scenarios, and mitigation of potential impacts caused by attacks before they reach the homes and compromise the lives of the residents.

Overall, the scientific contributions presented in this dissertation help deepen the understanding and reasoning about privacy and security concerns affecting smart connected homes, and contributes to advancing the research in the area of risk analysis as applied to such systems.

Place, publisher, year, edition, pages
Malmö: Malmö universitet, 2021. p. 66
Series
Studies in Computer Science
Keywords
smart connected homes, Internet of Things, smart homes devices, smart home data, threat identification, risk analysis, privacy, security, vulnerability assessment, mitigations, threat agents
National Category
Computer Sciences
Identifiers
urn:nbn:se:mau:diva-39619 (URN)10.24834/isbn.9789178771646 (DOI)978-91-7877-163-9 (ISBN)978-91-7877-164-6 (ISBN)
Public defence
2021-01-11, D138 Orkanen och Zoom, Malmö University, Malmö, 13:15 (English)
Opponent
Supervisors
Note

Note: The papers are not included in the fulltext online

Available from: 2021-01-21 Created: 2021-01-21 Last updated: 2024-03-04Bibliographically approved

Open Access in DiVA

fulltext(707 kB)3050 downloads
File information
File name FULLTEXT01.pdfFile size 707 kBChecksum SHA-512
558a401a9a55288e12fd478e0491b8f16281c01d9e13ef268e5a2b581f02201415bf4c919d442b31d49c61063d33cb087e7e844bd720b6b9facc90afdd900e8f
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Bugeja, JosephJacobsson, Andreas

Search in DiVA

By author/editor
Bugeja, JosephJacobsson, Andreas
By organisation
Internet of Things and People (IOTAP)Department of Computer Science and Media Technology (DVMT)
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 3506 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 359 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf