top | item 12779745

(no title)

alex1 | 9 years ago

There should be recalls from more manufacturers. Someone I know purchased a surveillance camera with a major brand name (Samsung) from Costco [0] just a few weeks ago that gave me a root shell by simply telneting in as root with no password and no way to reliably set a root password or disable telnet. It was returned the following day. Last I checked, Costco is still selling it. This problem isn't confined to cheap Chinese cameras you can buy online. Vulnerable devices are being sold at major American retailers and they are still on the shelves.

[0] http://www.costco.com/Samsung-SmartCam-HD-Plus-1080p-Wi-Fi-I...

discuss

rietta|9 years ago

Yeah, this is one reason I still don't have security cameras setup on my home network. If I decide to get them, I am going for a dedicated ethernet network just for cameras and no internet connection. I may allow a VPN to a inside the house server to see footage. According to the Wirecutter, Nest cameras are some of the better commercial one but I've still not bought one or done any review myself.

exhilaration|9 years ago

When we were shopping for a baby cam to keep an eye on the baby, I opted to get a simple RF cam [1] instead of the more popular IP cameras that allow you to use your smartphone and monitor from anywhere.

The lower tech approach means you can park a van in my driveway and probably pick up the signal but that's a lot harder (and more obvious) than scanning an IP range from anywhere in world and finding vulnerable devices.

[1] https://www.amazon.com/Foscam-FBM3501-Wireless-Digital-Monit...

shelbyfinally|9 years ago

We have IP cameras (Axis) on a dedicated VLAN that doesn't have access to/from the WLAN, and things work pretty well. I don't trust VPN's (NSA clearly watered down the IPSEC standard and can definitely compromise most IPSEC connections [not sure about IKEv2]; OpenVPN is a messy pile of shit that is undoubtedly swamped with vulnerabilities), but do allow a VPN into my camera network. The compromise I made is to send a notification email for each established VPN connection, regardless of how it was established, so at least I'll probably know if someone else connects.

With Nest, you have to use their "cloud" for it to be fully functional, which to me makes it a no-go for anybody like you who is actually concerned with his/her security/privacy.

The most popular IP camera on Amazon is a Chinese camera gets your Wifi password through their app via the "cloud". Fuck that.

ViViDboarder|9 years ago

I have my router firewall blocking all traffic to and from the Internet to my cameras. My router also offers OpenVPN for when I need access. It's not perfect, but it provides pretty good protection against someone attempting to use generic methods to compromise my devices as we've seen here.

CaptSpify|9 years ago

If you have the interest and knowhow, you can build your own with an RPI. That's what I eventually did.

Admittedly, it's a far cry from an Off-the-Shelf solution though.

socmag|9 years ago

If we start down the legislative road for all elements connected to the Internet, where is that going to end up?

zymhan|9 years ago

"...hackers were able to take over the cameras because users had not changed the devices' default passwords."

"Security issues are a problem facing all mankind," it said. "Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too."

The fact that they aren't scared of having brain-dead security failures in their products is, to put it lightly, telling.

socmag|9 years ago

Liability rests with the network itself. Bitching about devices or retailers is pissing against the wind

socmag|9 years ago

[deleted]

socmag|9 years ago

Keep going with the down votes...

Shall I give you a couple of hundred comments for ammunition.

On the other hand, if you disagree with my perspective, man up and present an alternate perspective.

How is that?

mplewis|9 years ago

Please don't complain about downvotes. Keep the discussion centered around the content of the article.

hx87|9 years ago

The downvotes (for comments after the first) are more for the spamming and metacomplaints than anything else.

socmag|9 years ago

You can down vote me all you want. Go for it

socmag|9 years ago

Oh no there are vulnerable devices on the Internet. Do you have any idea what you are saying?

EVERY device on the Internet is vulnerable, and it makes no difference to Dyn DNS where it was manufactured or how long it had been running without an update.

Zero Day Exploits are real!

Wake up!