In this paper, we present an end-to-end view of IoT security and privacy and a case study. Our contribution is twofold. First, (DOI:10.1109/GLOCOM.2017.8254011)we present our end-to-end view of an IoT system and this view can guide risk assessment and design of an IoT system. We identify 10 basic IoT functionalities that are related to security and privacy. Based on this view, we systematically present security and privacy requirements in terms of IoT system, software, networking and big data analytics in the cloud. Second, using the end-to-end view of IoT security and privacy, we present a vulnerability analysis of the Edimax IP camera system. We are the first to exploit this system and have identified various attacks that can fully control all the cameras from the manufacturer. Our real- world experiments demonstrate the effectiveness of the discovered attacks and raise the alarms again for the IoT manufacturers.
