The Evil of Spy Camera

Presented at Black Hat Asia 2020 Virtual, Oct. 1, 2020, 10:20 a.m. (40 minutes).

As you see, spy-cams have increased. In China, there has been a lot of news about pinhole cameras found in hotels, rental houses, and other accommodations in the past year. Around the world, the situation is not optimistic too. For example, news reports have said that spy cameras were reportedly hidden in digital TV boxes, wall sockets and hairdryer holders in 42 hotel rooms. Women in South Korea have come to fear that cameras could be anywhere, and monthly protests against spy cameras occur in Seoul. "My life is not your porn" became a slogan popularized in the protests.

With the development of Internet of Things, hidden cameras are becoming smaller, clearer, and more functional with 1080P / 4K / Wi-Fi / remote control. And, prices are getting cheaper and cheaper. For only $30, you can buy a spy camera with a charger disguised, WiFi remote control and 1080p HD on Amazon or eBay. For tourists and residents, it becomes more and more difficult to find these cameras. And there is no simple and effective detection method to find the camera now.

In this talk, we will introduce the structure and work principle of spy camera, and several effective ways to find all the cameras. After researching more than 30+ spy cameras, we found that although these cameras use different hardware and app control software, all of them use only about four kinds of solutions. We did a lot of reverse engineering for each solution. At last, we have implemented a camera discovery method (or even found rce vulnerability in each scheme) according to the protocol. With this method, it is very easy to detect a spy camera. Only needs APP to be installed. It could cover each case, which was mentioned in the news (for example, the case of "1600 hotel guests in South Korea"). At the same time, we will introduce some other auxiliary detection methods, including physical methods such as Temperature Information, infrared information, 802.11 frame information, high-frequency / low-frequency electromagnetic radiation / metal detection, and how the company or hotel can identify spy camera in their network traffic.


Presenters:

  • Shupeng Gao - Senior Security Researcher, Baidu
    Shupeng Gao is a member of Baidu Security Lab. He is an expert on IoT security, AI security, penetration testing, etc. He was invited to talk at multiple security conferences (such as Black Hat USA / DEF CON USA / BlueHat...), and successfully pwned IOT equipments on XPwn 2016/2017/2018, GeekPwn May/October 2017, the biggest pwn competitions in China.
  • Ye Zhang - Security Researcher, Baidu
    Ye Zhang is a security researcher of Baidu Security Lab X-Team. He's good at reverse engineering and malware analysis and now he focuses on finding IoT vulnerabilities.

Links:

Similar Presentations: