Netgate Discussion Forum

    Shitty Chinese WIFICAM cameras 0day root exploit alert

    Off-Topic & Non-Support Discussion
      johnpoz LAYER 8 Global Moderator

      "offers reasonable security because the customer base is so ignorant of the security issues"

      Very very good point!!!

      You see it here on the board, you would hope the people moving to pfsense vs the off the shelf router would have some concepts.. But you see it all the time, how do I forward rdp how do I open web gui to the wan..

      How do I bridge all the interfaces so everything is on 1 network ;)

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        Presbuteros

        @webtyro:

        First time I heard a fridge and IP in the same sentence I thought hmm what a waste of an IP. Second thought was security. This is going to be ugly.

        There are IoT refrigerators with cameras that stream the inside of the fridge. Maybe the crappy security camera should go in the fridge and stare back at the fridge camera. Battle of the insecure eyes.

        @Jailer:

        Good lord after looking at that list is there ANYONE that makes a decent IP camera?

        Amcrest? I have installed these for clients. Glad they are not on the list….yet.

          doktornotor Banned

          @Jailer:

          Good lord after looking at that list is there ANYONE that makes a decent IP camera?

          Perhaps Axis or Ubiquiti (and of course any cloud "feature" turned off). At least those are the brands that seem to produce kinda regular firmware updates for a reasonable period of product lifetime.

            Fabio72

            My Chinese Dahua(!!) and Hikvision cameras and DVR are on a locked down VLAN. Remote access is done with VPN or a ZoneMinder streaming server on another VLAN.
            They have only NTP access to pfSense. No DNS resolution or anything else.

            Hikvision are pretty decent hardware, but often come from a grey market, with hacked Chinese firmwares you cannot update without losing English language.

              Soarin

              @johnpoz:

              How do I bridge all the interfaces so everything is on 1 network ;)

              That's hilarious

              I hardly understand pfSense but it was love at first sight.

                Guest

                @Soarin:

                @johnpoz:

                How do I bridge all the interfaces so everything is on 1 network ;)

                That's hilarious

                It would be if it was not so worrying and true!

                  A Former User

                  ???

                  iot.gif

                    Guest

                    Does it link to Alexa and order a new roll when there are only a few sheets left?

                      A Former User

                      @marjohn56:

                      Does it link to Alexa and order a new roll when there are only a few sheets left?

                      Still looking for the damn JTAG to see what crap firmware it has. Who knows what it is reporting. :o

                        Guest

                        @webtyro:

                        Still looking for the damn j tag to see what crap firmware it has. Who knows what it is reporting. :o

                        Perhaps if it all links together it will know when you've ordered a curry and will order extra rolls! ::)

                          Soarin

                          @webtyro:

                          ???

                          I hardly understand pfSense but it was love at first sight.

                            Presbuteros

                            @marjohn56:

                            @webtyro:

                            Still looking for the damn j tag to see what crap firmware it has. Who knows what it is reporting. :o

                            Perhaps if it all links together it will know when you've ordered a curry and will order extra rolls! ::)

                            Any coder worth his weight in curry would write a proximity alert package to start pre-feeding sheets as you're running towards it to tcpdump….

                              pfBasic Banned

                              So I'm simple when it comes to IT, I read through this but most of it doesn't make much sense to me.

                              One of the main things I took away was this:

                              It’s useful to note the tunnel bypasses NAT and firewall, allowing the attacker to reach internal cameras (if they are connected to the Internet)

                              I certainly don't understand how the tunnel just "bypasses a firewall"? Either way it sounds like so long as the device doesn't have internet access then this is a non-issue?

                              I have a cheap IP Cam, I believe that my configuration for it is secure but having seen this I'd like to ask here to get some feedback from those who know what they are talking about.

                              • My IP Camera is on my LAN

                              • My LAN rules are whitelist & IPv4 only

                              • The only remote access to the Camera is over my OpenVPN server

                              • The first three rules (after pfBlockerNG) are for the IP Camera (192.168.30.13):

                              Pass/IPv4/UDP/192.168.30.13/any/192.168.30.1/123/any
                              Block/IPv4/any/192.168.30.13/any/any/any/any
                              Block/IPv4/any/any/any/192.168.30.13/any/any
                              

                              Is this secure?

                                Fabio72

                                Since my IP cams also use IPv6, I chose to put them all on a dedicated VLAN with no internet gateway at all.
                                My first solution was to put them on a blacklist alias.

                                  jahonix

                                  @Jailer:

                                  Good lord after looking at that list is there ANYONE that makes a decent IP camera?

                                  Bosch and Dallmeier probably

                                    doktornotor Banned

                                    Also the dummy plastic ones should be pretty safe.

                                      silverJ

                                      @Jailer:

                                      Good lord after looking at that list is there ANYONE that makes a decent IP camera?

                                      I believe Foscam are originally made in Canada. Just not sure about its video quality.

                                        pfBasic Banned

                                        Company Profile
                                        ShenZhen Foscam Intelligent Technology Co.,limited is a leading professional high-tech company which provides IP video camera and solutions in China.

                                        Foscams are well known for their awful security. I wrote the above firewall rules to try to secure my Foscam.
                                        Still interested in any feedback on if I can consider my Camera secure or not?

                                          johnpoz LAYER 8 Global Moderator

                                          "Block/IPv4/any/any/any/192.168.30.13/any/any"

                                          That is on your lan interface tab, and your lan network is 192.168.30 and your camera is .13??

                                          That rule is useless on the lan interface.. Nothing on the lan would be talking to pfsense to talk to your camera.  And if the traffic was coming from the internet or another vlan the rules on the lan interface are not evaluated.

                                          If you would like your rules exampled - then post them.. not this ascii art..

                                          ""bypasses a firewall""

                                          You don't understand how a tunnel through a firewall outbound can be used to talk to the client behind the firewall without the firewall doing anything about that traffic??

                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                          If you get confused: Listen to the Music Play
                                          Please don't Chat/PM me for help, unless mod related
                                          SG-4860 24.11 | Lab VMs 2.8, 24.11
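
Added example (not part of johnpoz's post and not pfSense code): a small Python model of the point above about the three rules pfBasic posted, assuming pfSense's behaviour of applying an interface's rules, first match wins, to new connections entering on that interface. The sample flows, the 203.0.113.10 internet host, port 32100, the 192.168.30.50 LAN PC and the 10.8.0.2 VPN client are constructed for illustration.

```python
import ipaddress

LAN_NET = ipaddress.ip_network("192.168.30.0/24")
CAM, FW = "192.168.30.13", "192.168.30.1"

# The three LAN-tab rules from the thread, in order: (action, proto, src, dst, dst_port).
LAN_RULES = [
    ("pass",  "udp", CAM,   FW,    123),
    ("block", "any", CAM,   "any", "any"),
    ("block", "any", "any", CAM,   "any"),
]

NOT_SEEN = "same subnet: switched on the LAN, never reaches the firewall"
OTHER_IF = "enters on another interface: LAN rules are not evaluated"

def evaluate(proto, src, dst, dport):
    """Return (verdict, matching LAN rule number or None) for a NEW connection.
    pf is stateful, so replies to a passed connection follow its state."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in LAN_NET:
        return (OTHER_IF, None)          # e.g. WAN or OpenVPN traffic
    if d in LAN_NET and dst != FW:
        return (NOT_SEEN, None)          # host-to-host traffic inside the LAN
    for n, (action, r_proto, r_src, r_dst, r_port) in enumerate(LAN_RULES, 1):
        if (r_proto in ("any", proto) and r_src in ("any", src)
                and r_dst in ("any", dst) and r_port in ("any", dport)):
            return (action, n)           # first match wins
    return ("block (default deny)", None)

# Constructed sample flows: (proto, src, dst, dst_port).
SAMPLE_FLOWS = [
    ("udp", CAM, FW, 123),                  # camera NTP to pfSense
    ("udp", CAM, "203.0.113.10", 32100),    # camera opening an outbound tunnel
    ("tcp", CAM, FW, 443),                  # camera to the firewall web GUI
    ("tcp", "192.168.30.50", CAM, 80),      # LAN PC viewing the camera
    ("tcp", "10.8.0.2", CAM, 80),           # VPN client viewing the camera
]

def rule_hits(flows):
    """Set of LAN rule numbers matched by at least one flow."""
    return {evaluate(*f)[1] for f in flows} - {None}

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", evaluate(*flow))
    print("rules hit:", sorted(rule_hits(SAMPLE_FLOWS)))
```

In this model rule 2 is what stops the camera from opening an outbound connection, while rule 3 is never matched by any of the flows.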

                                            pfBasic Banned

                                            I don't have access for screenshot right now, but is the attached screenshot clearer for the rules?

                                            I'm not trying to block the IP Camera from the LAN, I access it with devices on the LAN. I'm trying to block it from the web.

                                            Untitled.png
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.