Hacker News
by sirmoveon 1357 days ago
The market is plagued with eth+poe cameras under $100. For live streaming you'd need to configure your network, and probably some apps might offer cloud service. Maybe even the same maker's app has cloud services. Check: Reolink, Amcrest, Zosi, Dahua...

It's definitely a rabbit hole digging into this stuff. Expect to dedicate long hours of research and setup, due to the multiple options there are: brands/models/cameras/technologies.

Making your own camera, as suggested by another person, at this point is pointless.

2 comments

> The market is plagued with eth+poe cameras under $100.

Any of those with non-Chinese firmware, or rootable for replacement with open-source firmware?

> Making your own camera, as suggested by another person, at this point is pointless

Unless you want control of the software on the camera, sometimes of interest to hackers who read news.

A hacker would isolate a camera VLAN from the internet and run their own NVR software. At this point, the market has an abundance of good-enough options for cameras. The fight is in other areas, not the cameras as a device.

There are many different use cases and threat models, some of which do not permit random unmaintained Chinese-origin firmware to be present on local networks, VLAN network isolation claims notwithstanding.

Open firmware for some camera SoCs (HiSilicon, Goke, Ingenic): https://openipc.org/

I'm with you in considering any software in the cameras as a threat; that's why you keep the cameras isolated from the internet. I've audited a few cheap Chinese ones and they were indeed filled with vulnerabilities and unknown services running on high ports.

The idea that you can't effectively isolate them network-wise is just a stretch.

http://rikfarrow.com/Network/net0103.html

> Switches were not designed as security devices. Their use as such simply evolved over time, and is ancillary to their main use as devices that improve network performance. If you use a switch for security reasons, you are relying on the correct configuration of the switch, including understanding not only the standards that the switch software is based upon, but also the correct implementation of those standards. The 802.1Q spec itself is 211 pages long, and is only one of a handful of standards that a compliant switch manufacturer must support. Any time that you need to segregate networks for serious security purposes, I recommend that you not use a switch.

"Framework for Layer 2 attacks" (2005), https://www.blackhat.com/presentations/bh-europe-05/BH_EU_05...

You are not restricted to VLANs for isolation purposes. You can consider the entire PoE switch LAN as compromised. Then firewall the NVR, which would connect to that switch to pull the cameras' streams. Any software in the cameras doesn't need to see WAN at all.

I bought one of those cheap ones, mostly because it was cheap. It has a telnet server enabled with 123456 hardcoded as root password. It's also sending FTP and email passwords to some Chinese server in cleartext, and seems to desperately hit various DNS servers with requests for cryptic domain names when internet access is blocked.

To this day, I still won't connect it to my network, and don't really consider that class of cameras an option -- and from what I hear, mine is not a unique experience.

There are obviously alternatives on the market, but they're rarely cheap.