Academy & Industry Research Collaboration Center (AIRCC)

Volume 9, Number 7, June 2019

Vulnerability Analysis of IP Cameras Using ARP Poisoning


Thomas Doughty, Nauman Israr and Usman Adeel, Teesside University, UK


Internet Protocol (IP) cameras and Internet of Things (IoT) devices are known for their vulnerabilities, and Man in the Middle attacks present a significant privacy and security concern. Because the attacks are easy to perform and highly effective, this allows attackers to steal information and disrupt access to services. We evaluate the security of six IP cameras by performing and outlining various attacks which can be used by criminals. A threat scenario is used to describe how a criminal may attack cameras before and during a burglary. Our findings show that IP cameras remain vulnerable to ARP Poisoning or Spoofing, and while some cameras use Digest Authentication to obfuscate passwords, some vendors and applications remain insecure. We suggest methods to prevent ARP Poisoning, and reiterate the need for good password policy.


Security, Camera, Internet of Things, Passwords, Sniffing, Authentication