PARVP: passively assessing risk of vulnerable passwords for HTTP authentication in networked cameras

BSTRACTNetworked cameras continue to be an attractive target of cyber-attacks and therefore present huge risks to organizations. The use of vulnerable credentials (manufacturers default or publicly known) by these devices remains a primary concern for network and cybersecurity teams. This paper aims to assist enterprise network operators to systematically and passively assess the risk of using default credentials or vulnerable authentication schemes for directly accessing connected cameras. Our contributions are two-fold: (1) We analyze HTTP traffic traces of enterprise-grade network cameras (sourced from popular manufacturers including Cisco, Axis, and Pelco), identify the signature of their authentication techniques, including Basic, regular Digest, and Web Service Security (WSS), extracted from request packets, and develop a system with an algorithm (PARVP) for automatic and passive assessment of authentication risks; and (2) We apply PARVP to traffic traces of about 1.4 million HTTP authentication sessions selectively collected from network traffic of more than 1000 cameras (in our university campus network) during three weeks, and draw insights into risks, including cameras that accept default passwords (though hashed) and camera controllers that reveal passwords (though obsolete) by insecure authentication.