Vulnerabilities in IP cameras

fenderman

Tenvis, Geenker, Keekoon, and Reolink.

Vulnerabilities in smart IP cameras expose users to privacy, security risks | ITProPortal
Internet of Things Devices Have a Serious Security Problem

"The Reolink C1 Pro Camera has also been found harbouring a wide range of firmware vulnerabilities that could allow threat actors to remotely tap into them. While these are for both indoor and outdoor use, the vulnerabilities found would allow attackers to not only get the users’ email credentials if email alerts are set, but also collect Wi-Fi credentials, inject commands, and even bypass the entire authentication process and directly interact with the device. This model has several vulnerabilities that attackers can exploit easily, so they could use it as a gateway into a user’s home network – as the camera is normally connected to the same Wi-Fi network as all other devices – and from there expand their foothold and collect additional sensitive information."
 
Only C1, as the second article doesn't refer to any single Reolink, so assuming all in the second article?
 
The second article mentions Reolink as a whole. I'm sure the rest of the Reolinks are full of vulnerabilities, just like every other IP camera.
 
Unfortunate. Do you have any good articles on minimizing the vulnerabilities if they cannot be fixed?
 
See the wiki on securing your network. Use a VPN and block internet access. If the cameras don't have internet access they are no threat.
 
Do not make your cameras reachable from the Internet (i.e. no port-forwarding to your cameras), do not allow your cameras to reach the Internet, put your cameras in a separate VLAN. If you want to be able to connect to your cameras remotely, do so through a VPN. Also do not connect them through WiFi.

I'm pretty sure this is covered in the Cliff notes and in the VPN primer for Noobs (think that's the title) by Nayr here on this forum.

Oh and in principle the above applies to just about any device that is connected to your LAN.

Edit: Ninja'd by fenderman
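
Added example, not part of the original posts: an nftables forward-chain policy for a Linux-based router that implements the isolation described above (no forwarding from the Internet to cameras, no camera Internet access, a separate camera VLAN, remote viewing only through the VPN). The interface names and the recorder address are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example; every name below is an assumption, adjust to your router:
#   wan0 = uplink, lan0 = trusted LAN, cam0 = camera VLAN, tun0 = OpenVPN tunnel
define WAN = "wan0"
define LAN = "lan0"
define CAM = "cam0"
define VPN = "tun0"
define NVR = 192.168.1.10    # hypothetical Blue Iris / NVR host on the LAN

table inet camera_isolation {
    chain forward {
        # Default-deny: anything not listed below is not routed.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that an accept rule below allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Nothing arriving from the Internet is ever routed to a camera.
        # A drop is final in nftables, so this also defeats a port-forward
        # (DNAT) entry that UPnP or a stale config created in another table.
        iifname $WAN oifname $CAM counter drop

        # Cameras may not open connections to the Internet (cloud/P2P
        # phone-home); log attempts so they can be reviewed.
        iifname $CAM oifname $WAN counter log prefix "cam-to-wan " drop
        # ...nor to the trusted LAN or VPN clients.
        iifname $CAM counter drop

        # The recorder pulls streams from the cameras.
        iifname $LAN oifname $CAM ip saddr $NVR accept

        # Remote viewing: VPN clients reach the recorder and the cameras.
        iifname $VPN oifname $LAN ip daddr $NVR accept
        iifname $VPN oifname $CAM accept

        # Ordinary LAN clients keep their Internet access.
        iifname $LAN oifname $WAN accept
    }
}
```

Load it with `nft -f` and review the counters with `nft list table inet camera_isolation`; a non-zero "cam-to-wan" count shows a camera trying to reach the Internet.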
 
you gotta be fast here..;)
 
For your VPN - be careful:
For paranoid non port forwarders - Homeland Security Says Hackers Could Crack Some Enterprise VPNs

VLAN - I need to look into that. My router doesn't have this function.
 
The VPN was NOT hacked and if and when any decent brand has a vulnerability they fix it fast. On the other hand, IP camera makers from China wait many months or never do anything. Read the article. No one will be hacking your VPN setup. On the other hand, port forwarded cameras are hacked every day by large bots.
 
Many cannot be hacked due to the password according to articles I was reading, but very doable with Reolink. I might have to not port forward. I have plans to use the BI app to look while away. What VPN app have people been using on their phones, as I know one was exposed a while back?
 
You are confused, every camera manufacturer has had a vulnerability. The password is useless. You misunderstood the article.
 
The VPN is the only way to keep it safe then? What is the VPN app everyone is using nowadays?
 
FYI - best way to keep them safe is to keep them off the internet ;-)

Otherwise, start by disabling UPnP, P2P, etc. on your router

Look for OpenVPN to run on your routers and a client app for your remote device
 
You can keep it off the internet and still remotely look at your camera safely? I could be confused on terminology maybe.
 
I use OpenVPN on an ASUS router. All my cameras are on a separate (second) NIC running from my BI PC. So there is no camera traffic to the router.
Also on the ASUS router you can use parental controls to block devices by MAC address (not necessary with the second NIC).
 
How do you load OpenVPN on a router? Your setup sounds advanced.
 
OpenVPN happens to be standard on the ASUS routers, it’s part of what makes them such a popular recommendation here (besides being cheap and having above average firmware fixes/patches).
 
GOOD INFO. I have a D-Link router from the cable company. Is it possible to buy an ASUS router and bypass that one? All settings are online for my cable's router.
 
Look into whether your D-Link model supports bridge mode; if it does, that combined with an ASUS might work. Can also check with your provider to see if you can Bring Your Own Equipment; with the right settings it’s entirely possible the ASUS could replace the D-Link outright unless the D-Link is integral to the cable interface (like I had a Motorola Surfboard with an ASUS firewall/router/VPN behind it when I was using cable internet; the Surfboard was hooked to the incoming cable (so it was the interface) but other than that purpose it was transparent and the ASUS was my firewall etc).
 