Shitty Chinese WIFICAM cameras 0day root exploit alert
-
Company Profile
ShenZhen Foscam Intelligent Technology Co.,limited is a leading professional high-tech company which provides IP video camera and solutions in China.Foscams are well known for their awful security. I wrote the above firewall rules to try to secure my Foscam.
Still interested in any feedback on if I can consider my Camera secure or not?Thanks for the heads up about foscam poor security features.
-
Has anyone tried the brand Net gear? How is it?
-
a lot of these cheaper cameras use the same software, and pcb boards inside varying shaped and branded housings ive noticed, amazon is a good place to look and see identical cameras listed under 10 different brand names.
-
I bought a Go pro 3 black edition and a couple of truck accessories at 4WheelOnline. In the box it stated it has an IP Camera function/capabilities. Anyone tried it yet?
I found a link how to have it done; http://www.instructables.com/id/Gopro-Hero-3-Black-Edition-IP-camera/
-
Many cameras are made by hikvision though they have their own firmware versions. I generally recommend going with hikvision since they put out new firmware versions on a regular basis.
-
Heh, where I live a hick vision camera would be very appropriate. ;D
-
Is it possible to securely access the cameras via the vpn server, blocking outbound over the normal wan gateway or is that still to much of a risk?
-
What do much of a risk - a vpn to access your iot devices. That would be fine. If your worried about them phoning home or some bad place then block their outbound access. This has nothing to do with your accessing them via a vpn connection.
-
If your worried about them phoning home or some bad place then block their outbound access.
Fully agree - 99% of the connection risk with any of the current IP cameras (good or bad) comes from the network design (or rather lack of).
The notion that you can attach these things willy nilly to your LAN, give them a random IP address via DHCP and let uPNP setup all your router's external port forwarding is Not Going to End Well.Give the cameras and NVR their own network isolated from other traffic.
Add internal access only as necessary.
Allow external access through some means of VPN (NOT port forwarding!).In other words apply some best network practices for potentially insecure devices that might have valuable information
-
The notion that you can attach these things willy nilly to your LAN, give them a random IP address via DHCP and let uPNP setup all your router's external port forwarding is Not Going to End Well.
lol
-
If only IoT devices connected to a smart home system, and that connected to the internet. Eliminate the dozens of appliance specific attacks and eliminate the security issues
-
Is it possible to securely access the cameras via the vpn server, blocking outbound over the normal wan gateway or is that still to much of a risk?
Thats how i did it. 12 Hikvision IP cams connected to a Hikvision POE NVR. The NVE is connected direct to its own interface on my pfSense appliance with all outbound blocked (as well as access to/from any of the other interfaces). I VPN in to the network to view the live feeds when needed…
FYI the industry is starting to wake up.
http://z-wavealliance.org/mandatory-security-implementation-z-wave-certified-iot-devices-takes-effect-today/
