Comments

Clive Robinson July 9, 2020 8:47 AM

Basically, attackers can learn very basic information about what’s going on in front of the camera, and infer when there is someone home.

This is expected.

If you think about an uncompressed or unencoded video signal from a fixed point camera, it is a very very repetative image, that gets scanned.

The result is a signal where each scan line does not change from frame to frame, and infact does not change very much from the scan line either side, except for the first and last lines of a frame or interlace scan.

If something moving comes into the cameras field of view then it will have spectral components that relate to both it’s speed and directionality as well as it’s image.

Whilst you may not be able to determin the image of the object simply by spectral content differences determining the speed and direction of the moving object is not that difficult via 2D Fourier analysis.

But, even after compression the spectral component changes become rather more pronounced in the output signal.

I think most of us have seen the “Tux Image” with it’s before and after encryption using the wrong encryption mode well that image comes about from the spectral components in the signal at “edges”.

As I’ve mentioned in the past you actually do not need a high frequency signal to tell what is being watched on various displays. Sufficient information from frame to frame which coresponds to the average intensity of the frame can be detected by monitoring the input to the display powersupply. This can be compared to a known signal to work out what TV channel you are watching or which DVD etc.

The reason I mentioned it back then was that I also noted that the likes of burglars could determin your behavious from the power signiture of your whole house, and that Smart Meters could be in theory used to spy on selected homes over the power grid.

So to use an old saying “Colour me unsuprised” that people are only now getting around to it…

me July 9, 2020 9:12 AM

but most of the people publish stuff on facebook so there are easier ways to tell if you are in your hose or not.
there is an even simpler one: use the door bell 🙂 if nobody answer nobody is in the home (probably)

JonKnowsNothing July 9, 2020 10:07 AM

@Me
re:

use the door bell 🙂 if nobody answer nobody is in the home (probably)

Someone looking to burgle your home probably has a lot better method of selection.

Not answering anything, presumes someone actually wants to answer.
We have been reverse trained to NOT answer.

People don’t answer:

  • Door bells or knocks
  • Landline phones
  • Emails
  • Text Messages
  • Voice Mail
  • Smartphones
  • Snail Mail
  • Shoutouts

There is still a lot of compulsive answering but the list of “auto ignored” communications is getting longer.

There are two types of burglars:
  Those that wait for you to leave and those that don’t.

Rop July 9, 2020 10:08 AM

there is an even simpler one: use the door bell 🙂
if nobody answer nobody is in the home (probably)

Warning: do not attempt when Black

Clive Robinson July 9, 2020 11:43 AM

@ me,

but most of the people publish stuff on facebook

But accessing that is an “active” attack that leaves a trail, that investigators can and do these days follow.

The way things are today it’s highly unlikely there are burglars and the like who could pull off an “active” attack and not get recorded along the way. Whilst they might get away with it once or twice, they start running out of options, also they are likely to make OpSec mistakes that give them away in some way.

This attack being “traffic analysis” is effectively a “passive” attack. That is you simply sit somewhere in somebidies upstream router and watch the packets flow by.

Which unlike an active attack does not require you to actually visit the end points such as the users home or Facebook servers just some opportune point such as an upstream router. This immediately makes any investigation much much harder.

Whilst your comms to the intercept head on the upstream router might be detected, it takes a lot lot less effort to disguse what you are doing and thus break any correlation attack on you an investigator might carry out.

A simple example is the intercept head would log ten to twenty potential targets plus another ten or a hundred targets you are never going to attack on the intercept head, these would then get sent at random times to a “drop point” somewhere that you never access. Because you have another intercept point on a router upstream of the drop point, that again at random times sends parts of the log.

If you use encryption wisely you’ve effectively built in two “cut outs” which break most simple analysis because they “store, change and forward” thus breaking correlations in time size and content.

Whist some readers of this blog are more than capable of doing this, again it’s not something your average house breaker would be upto, however it’s well within the capabilities of higher level criminal “helpers” and thus those working for quite a number of central and local governments agencies, and meadium to large national or international corporates, and well within the capabilities of those carrying out economic espianage from quite a small organisation upwards to the likes of Kroll and quite a few “pen-testers” as well.

So whilst burglary might be on the agenda, so might the various other forms of “black bag jobs” including the various levels of “wet work” from kidnapping, through tourture and assasination.

Thus people who might pay money for the “premium service” of these camera systems, they might be better spending the money up front on a better “CCTV System” with the empasis very much on “Closed”.

Phaete July 9, 2020 12:18 PM

With the amount of electrical devices we use nowadays, especially when we get home and at certain times we leave an EM signature that can tell almost everything we do.
From microwave use to tv watching. Lights on/off, stepping up of powersupplies because your PC/whatever needs more power, NAS waking up, coffee/juicers in the morning etc.

A lot is shielded to a certain degree by law, but that only means you need better receivers or better proximity.

So everyone’s personal habits are leaking out so much information, you can’t stop/shield it all.
People determined enough can gather far more information than that we are comfortable sharing.

It’s just how much effort do you want to do to make it more difficult, as to fully prevent it is impossible.

Q July 9, 2020 9:59 PM

The real problem here is not the camera, or the video stream, or the protocol.

The real problem is the “cloud” connection.

I don’t want to upload my vids to someone else’s computer. I want to store them on my system(s). No “cloud” provider gets to dictate how or when I decide record video, or delete video, or view video.

Stop with the “cloud” everything. Those companies don’t have your best interests as their primary concern. They only care about making money. From you. You’ll buy their crap with “free” cloud storage, and then be held hostage when they decide they want more money.

Knock Knock July 9, 2020 10:34 PM

@Rop
>

there is an even simpler one: use the door bell 🙂
if nobody answer nobody is in the home (probably)

Warning: do not attempt when Black

Word.

Clive Robinson July 10, 2020 2:04 AM

@ Q,

The real problem is the “cloud” connection.

Yup hence my comment of,

    spending the money up front on a better “CCTV System” with the empasis very much on “Closed”.

One of the first rules of security is “keep your secrets under your control” with the likes of the old “Three can keep a secret, if the other two are dead”.

I’ve always contended that a “Service Level Agreement” does not constitute “control” in any meaningful way thus “moving to the cloud” is a bad idea especialy if based on very short term financial thinking.

@ Steve,

Make of that what you will.

That is the “news item” sites doing and nodoubt “CNN Business” is charging handsomely for, and yes it would be funny if it was an “Internet based” camera.

Not so fot the researchers who I suspect have no control in any way over it, thus might be somewhat annoyed. One of whom –from Queen Mary University of London– I’ve met and chated with in the past all be it briefly, as I get older I find the world feels smaller :-S

me July 10, 2020 7:54 AM

@Clive Robinson

i might got it wrong but… isn’t the attack a mitm attack where you intercept data (encrypted or not) and from stream bit rate you guess if someone is moving or not???

this is an active attack.

same goes if you hack the cloud platform instead of mitm.

Clive Robinson July 10, 2020 11:34 AM

@ me,

isn’t the attack a mitm attack where you intercept data

No it’s not a MITM attack, because you are not putting yourself between the end points, and the data is “not going through you”

That is you are not changing the flow of data in any way or the number of nodes etc, you are just simply observing the traffic go by with the data packets like “ants in an ant farm” going about their business as usual.

Thunderbird July 10, 2020 1:32 PM


but most of the people publish stuff on facebook so there are easier ways to tell if you are in your hose or not.
there is an even simpler one: use the door bell 🙂 if nobody answer nobody is in the home (probably)

The difference is that a burglar can only ring so many doorbells–not all the doorbells. Scale is important.


No it’s not a MITM attack, because you are not putting yourself between the end points, and the data is “not going through you”

The study was carried out

Our work relies on a 7 day dataset of log entries (from April2018) shared by a major Chinese HSC service.

using logs, but if you wanted to actually carry out an attack you would either have to be the service provider or have the traffic passing through a box under your control. That seems close enough to “man in the middle” for government work. I guess if I were describing it in a phrase I’d use “traffic analysis” but it’s hard to argue against man-in-the-middle since you need the network headers to carry out the analysis.


The real problem is the “cloud” connection.

I don’t want to upload my vids to someone else’s computer. I want to store them on my system(s). No “cloud” provider gets to dictate how or when I decide record video, or delete video, or view video.

Depends on what you’re trying to accomplish. If you want to be able to catch the person or persons that stole all your stuff–including your NAS–having the video stored off-site is kind of important. I think I would argue strongly for some decent encryption, but storing things on someone else’s computers isn’t automatically a bad idea. Just very likely a bad one.

Steve July 10, 2020 4:31 PM

Seems as if my comment got deleted.

If I violated protocol on some level with a bit of snark, I apologize to the proprietor.

Clive Robinson July 11, 2020 1:44 AM

@ SpaceLifeForm,

In this case, the lack of Noise.

Oh if that were so…

I’m one of those people for whom HF communications is important even though the sunspot cycle is at a minimum.

The amount of “RF noise” and other sh1t collectively called QRM, put out by modern homes is quite frankly astounding.

Thus trying to receive communications from out stations is to be blunt neigh on inpossible within three to four miles of even a modest town. Especially if there are overhead power lines within that diatance.

Whilst transmission from within even cities is not particularly effected, having to have two or more remote receive sites is both a technical and economic burden.

But the new insidious noise sources are direct to mains IoT devices like “Smart Bulbs” and for those with green credentials the new higher efficiency solar pannels that take the DC output of the cells and using High Frequency switchers attempt to get over the IR-losses of the feeder cables, that again are often above ground at a relatively modest hight.

They thus act like broadcast antennas in “Near Verticle Incidence Skywave” mode that makes direction finding to “null the signals” very dificult or worse.

It’s got to the point where we are having to use very narrowband signalling techniques ontop of wideband “sudo-noise” signals that used to be the preserve of military and similar “Low Probability of Intercept”(LPI) covert signalling just to get sufficient noise margin to get the BER into an acceptable range for the likes of FEC to work…

Andrew July 21, 2020 12:29 AM

Very interesting can of worms here.

I will only say that the people who think it’s outlandish that burglars would ring your doorbell clearly don’t live in California. It is in fact the main (and simplest) method of the organized burglary rings that operate in the Bay Area and Southern California.

Knock-knock burglars

Your average criminal, even a smart one, is not going to analyze an encrypted video feed or sift through packets from your router.

Unless you are being targeted by an intelligence service, or are involved at some extremely high level with international organized crime (and even then it would be unlikely), this is almost certainly just a thought exercise. And if you are being targeted by an intelligence service, I don’t think you can protected yourself by not storing your home video feed on a corporate cloud server.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.