IoT Security: Penetration Testing of White-label Cloud-based IoT Camera Compromising Personal Data Privacy
International Journal of Computer Science & Information Technology (IJCSIT)
The Internet is driving force on how we communicate with one another, from posting messages and images to Facebook or "tweeting" your activities from your vacation. Today it is being used everywhere, now imagine a device that connects to the internet sends out data based on its sensors, this is the Internet-ofThings, a connection of objects with a plethora of sensors. Smart devices as they are commonly called, are invading our homes. With the proliferation of cheap Cloud-based IoT Camera use as
... a surveillance system to monitor our homes and loved ones right from the palm of our hand using our smartphones. These cameras are mostly white-label product, a process in which the product comes from a single manufacturer and bought by a different company where they are re-branded and sold with their own product name, a method commonly practice in the retail and manufacturing industry. Each Cloud-based IoT cameras sold are not properly tested for security. The problem arises when a hacker, hacks into the Cloud-based IoT Camera sees everything we do, without us knowing about it. Invading our personal digital privacy. This study focuses on the vulnerabilities found on White-label Cloud-based IoT Camera on the market specifically on a Chinese brand sold by Shenzhen Gwelltimes Technology. How this IoT device can be compromised and how to protect our selves from such cyber-attacks.