Great article on cheap IP Cameras and DVR's

bill_rae · October 10, 2018, 10:57am

When an IoT company ignores basic security and goes for profit alone, you get botnets.

I personally have a Zmodo PoE cam/DVR setup and was surprised they are part of this issue.
I have my cams firewalled and only a few ports open to dvr for remote viewing capability and it does not use cloud viewing option, only direct IP.
I will have to probe my DVR using default passwords given in deeper links in the article. I knew the security sucked on the system but was not concerned about someone seeing the outside of my house nor aware of any cases of network traversal using the dvr (still not mentioned but will research more) I was not aware remote firmware could be uploaded either. And why the hell is telnet even included these day?

Crazy stuff

Chiquinho · October 10, 2018, 11:19am

I think not many users know what they are doing when they use “intelligent” cameras, bulbs, vacuum robots etc.
Everything which is connected via WIFI to the “evil net” is vulnerable.

Monk3e · October 10, 2018, 11:46am

Reliance on the term “Plug and Play” makes everyone think they can be an expert, which holds true as long as they do research and not just buy the first thing on sale or when a whim hits them. If you do not take the time to learn how to do it right, you are always better off using a closed system, internet and cloud based really should be marketed as intermediate to advanced. (Not for difficulty, but for the process needed to protect yourself)

Tank · October 10, 2018, 1:09pm

Everyone is an expert in all things that involve stuff they set u themselves. this leaves them vulnerable because 90% of the people only know how to change a default password or set one so others cannot access their system. But the reality is they are creating a false sense of security for themselves and anything connected to their system. Anyone with even a remote how to change or access stuff can change that persons settings and see whats on their network. As @Monk3e mentioned people are to reliant on plug and play, but even still you can really be an expert in what your doing and someone smarter can come along and find a way to manipulate that system to gain access or cause detrimental harm.

Element321 · October 10, 2018, 7:36pm

It doesn’t surprise me. Most of these cheap Chinese smart devices that connect to internet are poorly made and designed to make the company money and they don’t care about the customer.

I want to automate and add as many smart devices I can to help us out but my wife is concerned about security so we’ve limited the amount of smart tech in our house until manufacturers have made these devices more secure.

Currently we have smart bulbs, plugs, and an Ecobee thermostat. We setup a minimal network for our smart devices. This network has only access to the internet but no computers or research shares on this network. We setup a separate network that our computers, network shares, and mobile devices connect to. This way, we hope to keep the less secure devices away from our private information we really would prefer not share with the world.

Chiquinho · October 10, 2018, 7:42pm

This is OK.
A virtual hug to your wife!

But I think you both are two of 1000 users acting this way.