[aaronax]

This is so bad that it must be intentional, right? Even though these are dirt cheap, they couldn't come up with $100,000 to check for run-of-the-mill vulnerabilities? There must be many millions sold. Quite handy for some intel agencies.

I assume any Wi-Fi camera under $150 has basically the same problems. I guess the only way to run a security camera where you don't have Ethernet is to use a non-proprietary Wi-Fi <-> 1000BASE-T adapter. Probably only something homebuilt based on a single board computer and running basically stock Linux/BSD meets that requirement.

[Aurornis]

> This is so bad that it must be intentional, right? Even though these are dirt cheap, they couldn't come up with $100,000 to check for run-of-the-mill vulnerabilities?

The camera sells for $17.99 on their website right now.

Subtract out the cost of the hardware, the box, warehousing, transit to the warehouse, assembly, testing, returns, lost shipments, warranty replacements, support staff, and everything else, then imagine how much is left over for profit. Let's be very optimistic and say $5 per unit.

That $5 per unit profit would mean an additional $100,000 invested in software development would be like taking 20,000 units of this camera and lighting them on fire. Or they could not do that and improve their bottom line numbers by $100,000.

TP-Link has a huge lineup of products and is constantly introducing new things. Multiply that $100,000 across the probably 100+ products on their websites and it becomes tens of millions of dollars per year.

The only way these ultra-cheap products are getting shipped at these prices is by doing the absolute bare minimum of software development. They take a reference design from the chip vendor, have 1 or 2 low wage engineers change things in the reference codebase until it appears to work, then they ship it.

[heresie-dabord]

Both the parent and you can be right in this case.

The parent rightly suggested that there is the obvious intention to exploit these devices:

> This is so bad that it must be intentional, right? Even though these are dirt cheap, they couldn't come up with $100,000 to check for run-of-the-mill vulnerabilities?

You explained that there could be an economic reason for the appalling absence of security:

> The only way these ultra-cheap products are getting shipped at these prices is by doing the absolute bare minimum of software development.

But the parent's point is more convincing, based on the observable evidence and the very clear patterns of state-sponsored exploitation.

The vendors could set default passwords to be robust. The vendors could configure defaults to block upstream access. But maybe the vendors in this particular supply chain are more like the purveyors of shovels in a Gold Rush.

A less-charitable metaphor is possible where state-sponsored motives are unambiguously known.

[reddalo]

Also, they stop releasing firmware updates for older hardware revisions. I bet older camera models have way more exploits.

[tehlike]

Some cameras that "charge" with USB also can use a USB network adapter (provided they can supply power).

For the tech savvy, there is thingino as a firmware alternative - works local only, no cloud, and supports mqtt etc.

[stragies]

Is there a table of supported hardware, that contains info about the USB-connection (or ethernet) on these devices. Like, which have data-lines connected, can the device electrically do host and device mode? Can I use a POE2USBC adapter, that presents itself as a USB-network device to the camera? Ability to filter on those columns would be great. Is thingino using the Ingenic linux kernel 3.ancient SDK version, or do they have/use something newer?

[cvhc]

It's been long known many older TP-Link IoT devices doesn't require any authentication to connect, as my Kasa HS300 strips. Later models requires the account credential [1], but I'm not surprised that they still left something wide open (e.g., WiFi config endpoint for provisioning). I tend to believe this is just poor software engineering (Hanlon's razor).

[1] https://www.home-assistant.io/integrations/tplink/

[fylo]

Don't put them on untrusted networks. This always seemed obvious to me.

[tehlike]

Untrusted network is not sufficient, you need to cut them off internet, in general.

[baobun]

The internet should very much be considered an untrusted network.

[hdgvhicv]

Don’t put it on a network, but also don’t allow it to reach an untrusted network.

[aaronax]

My initial read of proximity being sufficient to exploit 3 is incorrect, so yeah as long as you control the Wi-Fi network sufficiently then things should be fine.

[formerly_proven]

> I assume any Wi-Fi camera has basically the same problems.

ftfy