2

I have purchased an IP Camera from Ebay (http://www.ebay.com/itm/151349669865). When I read the description of the camera, it said it has an embedded linux in it. I though that I will be able to connect to it and then use with zoneminder.

Now, the issue is that I have the camera. With the camera, comes a small leaflet which tells to download a mobile application from google play. Once downloaded, connect the IP Camera via a LAN Cable to the router. Then use the mobile application to configure the WiFi(username & password) on the IP Camera. Therefore, from anywhere, with the mobile app, you can connect to the IP Camera and view. I've access to the web Interface of the router and I can see the IP of the camera which is 10.81.232.203. In the mobile app, I just had to enter the following details: 1. ID found bottom of the IP Camera 2. Username on the IP Camera, 3. Password, there was no password 4. My Router Credentials

I've some questions regarding this:

  1. Is this method safe? Because if I can understand, there is a daemon running on the IP Cam which is constantly updating a database somewhere with my new public IP from the ISP. Then, from anywhere to be able to connect to the IP Camera, it is bypassing the router with my router credentials which I have put in the client mobile application. So, it is possible that the credientials may have been transferred and saved on a database. So, this is not secure as people having access to that database may be able to connect to the IP camera and view

  2. Suppose the above is true, what can I do to know how do I connect to the IP camera without the use of the mobile application?

Noor
  • 989

2 Answers2

1

there is a daemon running on the IP Cam which is constantly updating a database somewhere with my new public IP from the ISP

Makes sense.

it is bypassing the router with my router credentials

You didn't go into detail about this part but it's not bypassing your router. It's being forwarded to by your router. Your external public IP is the router's IP; nothing inside the LAN has one. But you can then arrange for a particular port on the router to be forwarded to a particular local IP/port combination.

people having access to that database may be able to connect to the IP camera and view

That depends. If there's some form of authentication involved, not necessarily. Ideally, passwords are stored using a one-way hash (see the 2nd & 3rd paragraphs here); that's how they are on (e.g.) a normal GNU/Linux system. This means even if someone gets your hard drive, they still don't actually have your passwords.

I.e., that style of authentication requires that you know the password. It isn't stored anywhere because it doesn't need to be to work. The only place it could be stolen would be in transit when you use it (which presumably is over ssl).

However, there are lots of instances of big professional outfits doing stupid things like actually storing passwords somewhere, either in plain text or reversibly (two-way) encrypted. You have the right to ask the service provider if they do this or if they use one way hashes. I'm sure they will say, "We do everything to protect our customer's privacy", etc.

Community
  • 1
goldilocks
  • 87,661
  • 30
  • 204
  • 262
  • Thank you for your answer, the issue with this IP Camera is that i'm dependent on the client mobile application, do u have an idea how can I connect to the IP Camera and view from it without the mobile app ? – Noor Nov 15 '14 at 16:20
  • It probably would not be easy. If it is a proprietary protocol, you'd have to reverse engineer that first. Either way, you then have to write software of your own (unless it turns out to use some public protocol for which clients already exist). If you really want to do something like this, you're better of trying to do it with a normal computer and USB camera at first; there must be open source software around for that kind of thing. Once you know it works, you can try and find something smaller / lower power which can run the same software and such. – goldilocks Nov 15 '14 at 16:28
  • Oh and you still need to have a server with a static IP somewhere, or else get one for your home router (I think the former is much less expensive, but requires you configure/manage/maintain the server). – goldilocks Nov 15 '14 at 16:29
  • maintaining the server isn't an issue, the only shit is that I can't connect to the IP camera, it doesn't have USB port, it only has a wireless and lan port, I can only connect it to my router, through the router, i only get the ip address of the ip camera which is a static IP – Noor Nov 15 '14 at 16:54
  • Yeah, it's presumably a totally proprietary device. It's not intended for you to hack on it. The fact that its running something linux based doesn't mean it's actually an open platform. This is why I'm saying if you want to do this without using their service, you might as well give up on it and start with a normal computer; if that works you can probably use a raspberry pi (or similar) to power the camera, and so on. Even if you have the skills to reverse engineer this thing, it could take you hundreds of hours to put it all together -- hardly worth it just to make a device... – goldilocks Nov 15 '14 at 17:03
  • ...worth < $200 work the way you want, when you could replace it with <$100 of hardware that's simple to configure and use however you want in the first place. Sorry :( – goldilocks Nov 15 '14 at 17:04
  • weps, I fully understand you and really thanks for your advice, the issue is that I can't go with this hardware because I'm thinking of starting a company and offering services of camera installation, together with Zoneminder, so i can't even bargain on security, I need to have full control on everything, the platform should be completely open, so u r right, better I find something else, again, thanks :) – Noor Nov 15 '14 at 17:12
0

I purchased a camera like this that was advertised as an IP camera. Escam qf269. I hoped to connect it to home assistant on a local network. They don't tell you much about these cameras before you buy them. It only works with their mobile software. You can't connect it to an NVR or anything. What's interesting is i connected it to a proxy and monitored it. It was constantly streaming to AWS. That's a paid service and yet i didn't have to pay. This sounds like absolute spyware. I'm looking into whether i can hack this camera, reinstall Linux and make it work as an IP camera, but it looks like that would involve some soldering as there's no USB port. I don't trust it as is and won't use it.

DAB
  • 465