this post was submitted on 26 Jul 2024
237 points (99.6% liked)

Privacy

4250 readers
4 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 1 year ago
MODERATORS
[email protected]
237
Matt Brown Digs Deep Into an IP Camera's Firmware — and Finds a Hard-Coded Root Password (www.hackster.io)
submitted 4 months ago by [email protected] to c/[email protected]
16 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 52 points 4 months ago (13 children)

This is one of several reasons why I keep all my cameras and any other IoT devices on a separate VLAN that has no access to the internet and no access to the rest of my home network. The only bridge is my DVR server, but that's something I can't get around.

Before it was set up this way, I saw a huge amount of requests on my DNS server from the cameras, each one resolving the manufacturer's domain name. It was probably innocuous, but why take the risk? There is absolutely no reason whatsoever that a security camera needs access to anything.

[–] [email protected] 4 points 4 months ago (2 children)

Any recommendations on cameras that work well local-only/don't seem to make peculiar DNS requests?

If I ever get around to installing cameras I'll have them on their own, no-internet VLAN, but would prefer having well-behaved devices.

[–] [email protected] 4 points 4 months ago (1 children)

I'm a big fan of the Ubiquiti security cameras - all local data, decent quality. The downside is the price and availability, but if you can swing it - they're pretty great.

[–] [email protected] 2 points 4 months ago

Nice, thanks!

[–] [email protected] 3 points 4 months ago (1 children)

I have always used Amcrest cameras; they're not expensive, and they tend to work well. They do make requests back to amcrest.com, but I don't know for sure if that's anything nefarious or if it's just part of their built-in "cloud" capability or perhaps they're looking for firmware updates. They integrate nicely with BlueIris or Frigate. I use BlueIris in a VM with virtual network adapters to my home network and my "camera" VLAN. BlueIris is accessible through a reverse proxy, but the cameras themselves have no access to the outside world.

If you're able to find a camera that doesn't try to "call home," I'd be surprised. At the very least, most manufacturers build in some kind of cloud accessibility into the camera's firmware. In their defense, I think that most consumers want this capability; it's much easier just to use the manufacturer's app than to set up a self-hosted DVR.

So to answer your question, no, I don't have a good suggestion, but I also don't think that what you're asking for really exists (as unfortunate as that is). You could always set up a small SBC (like a raspberry pi) with a USB camera, but at that point, it'd probably be more cost-effective to just buy off-the-shelf cameras and some VLAN-aware networking hardware.

[–] [email protected] 1 points 4 months ago

Thanks! That sounds like a good option. Mostly would want to avoid something that's flooding the network with DNS requests

a few attempts at phoning home now and then are, like you say, probably inevitable.

load more comments (10 replies)