• Blackmist@feddit.uk
      link
      fedilink
      English
      arrow-up
      43
      ·
      1 year ago

      There used to be a website with a map and you could see all these open unsecured cameras they’d found around the world. Mostly by searching Google for the page name they all had.

      Some of them seemed intentional, like traffic cams, cameras on the roof looking out over the city, etc, but there were so many fat men sat around watching TV in their underpants, random families in the kitchen, and so on.

    • realharo@lemm.ee
      link
      fedilink
      English
      arrow-up
      19
      ·
      edit-2
      1 year ago

      It would be fine if the footage was end-to-end encrypted, meaning you need to transfer the encryption/decryption keys from device (e.g. a phone) to camera, and then manually between all devices that should have access to the decrypted footage.

      Camera would only ever send out encrypted footage, and thus it would be insufficient to have access to the cloud account if you want to view the footage - you would need both access to the account (to obtain the encrypted data) and the decryption key (to actually decrypt it). The decryption key must never reach any 3rd party servers and can only be manually transferred between devices that should have access.

      There are still possible attack vectors, like malicious firmware updates, or the viewer client app updates, but those are very difficult to exploit, and pretty much exist in most “secure” software today (including from companies like Google, Apple, Meta, etc.). They could be mitigated by hardware design (do the encryption in hardware, camera’s software never has access to decrypted footage) and open source viewer clients that the user controls, but I would consider a camera sufficiently secure (for non-sensitive locations) without those.

      • PeterPoopshit@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        How would I encrypt an rtsp stream so I can port forward it and then how to I unencrypt that stream for use on a local server?

        • grandkaiser@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          1 year ago

          Encrypted VPN between each side. IPSEC over GRE using 1024-bit AES encryption is more than enough.

          Honestly though, if someones cracking IPSEC with any encryption against a random person then that’s already leagues more than any script kiddie is capable of and professional hackers don’t have the motive.

        • realharo@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          I guess you wouldn’t. Use a different protocol, one that supports the security you need.

    • cley_faye@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      It is a bad idea. On one hand, we have the mean to make them quite secure. There is no such thing as an unbreakable encryption, but with proper key management and using decent enough algorithms we can totally do something that puts your camera out of reach of most thing that are not nation-scale organisations. On the other hand, it’s mildly more inconvenient than “installing an app and entering your email”, as it might require stuff like doing a tiny little bit of setting up.

      So, the unsecure/“trust the service” way it is.

        • JonEFive@midwest.social
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          There’s certainly a middle ground between IOT cameras sending a constant stream out to an internet server and a completely private circuit.

          First, let’s put the NVR inside the network so that we aren’t constantly broadcasting to the internet.

          Then let’s not allow direct access to the cameras from the internet. Instead, we connect to the NVR via a VPN.

          You keep control of all the recording and storage infrastructure, and you don’t place your trust in these corporations that have been found over and over again to be lying or overstating their security stance.

        • cley_faye@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It’s a bad idea because of the de-facto “requirement” that people want everything available everywhere with zero setup, causing cheap, completely insecure solution to become the norm. Just don’t use “cloud-based, app-enabled zero-config ultra easy trust me bro I know what I’m doing” camera and get proper stuff that allows you to control what goes where and use decent encryption.

              • motorwerks@sopuli.xyz
                link
                fedilink
                English
                arrow-up
                10
                arrow-down
                4
                ·
                1 year ago

                I would say it’s about as difficult as golfing. Try doing it a few times & maybe you’ll hit the ball. Keep at it & you can play the game on a course. Is there a learning curve? Yes, of course. Is it worth it? Yes, of course. Only you get the upside of the effort so nobody is going to do it for you. I mean, unless you pay handsomely for it. In the end…do whatever you feel is appropriate, but getting things that only benefit you w/o effort isn’t the world we live in.

              • nao@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                6
                arrow-down
                1
                ·
                1 year ago

                If this is beyond the capabilities of a user, maybe that user shouldn’t set up remotely accessible cameras either

          • bagelberger@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            Lorex has a companion app you can use to view your camera feeds, but all of the data stays on the NVR

            • SendMePhotos@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              I use NightOwl which is a dvr connected to the network. While accessing I’m really just accessing my own dvr… Right?

          • gamer@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            Go with Unifi then. They’re pretty much the only network equipment company with good software. The NVR (the computer that records/stores the camera feeds) can be used with or without internet access. If you know how to setup a VPN, you can connect to it without giving it internet access. If you don’t know/want to do that, you can use their free web portal to access it remotely.

            Cloud key G2 (NVR) is ~$200 and includes a 1tb HDD, G3 Flex cameras are ~$80 each. If you want to save some money, you can skip the cloudkey and install the software on an existing computer on your network.

            All you need for wiring is to pass a single ethernet cable to wherever you want to place the cameras since they use PoE (power over ethernet). You’ll also need a PoE adapter for each camera if you don’t have a router that supports PoE. They also sell really awesome routers and switches with PoE, but if you’re new to PoE be careful and do your research because it can permanently damage incompatible equipment. The older EdgeRouters are an incredible value, but the PoE variants use a non-standard and more dangerous PoE implementation than the newer ones. The EdgeRouter X SFP w/ included power adapter does work fine with G3 Flex cameras though, since that’s exactly the setup I have (I don’t think it’ll work with the Cloudkey G2 tho).

            …also yes, I’m a bit of a fanboy.

    • TORFdot0@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I’d argue that it’s more convenient to have clouds connect for recording and storage purposes but so many cameras come with SD cards built in now that the cloud storage isn’t even really an advantage anymore either.

      • ramjambamalam@lemmy.ca
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        1
        ·
        1 year ago

        A security camera with only local storage has a pretty obvious flaw that the incriminating footage can be more easily stolen and/or destroyed by the perpetrator.

        • seathru@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          DVR doesn’t take up much space in the safe. And the heat produced helps keep humidity down.

          • ramjambamalam@lemmy.ca
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            1 year ago

            Sure, but that’s not a comparable alternative to the convenience of a turnkey, cloud solution. There’s a reason they’re so popular.

  • Archer@lemmy.world
    link
    fedilink
    English
    arrow-up
    106
    ·
    1 year ago

    If you weren’t getting rid of Wyze devices before the Wyzecam v1 fiasco where they lied, this is a great time to do so. Unplug your Wyze stuff and hit 'em right in the metrics

      • mashbooq@infosec.pub
        link
        fedilink
        English
        arrow-up
        30
        arrow-down
        2
        ·
        1 year ago

        Best way would be to set up a VPN that lets you connect to your home network remotely, and set up cameras that are only connected to your LAN

        • Salix@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          14
          ·
          1 year ago

          I believe these types of cameras are used often by the average person. I don’t believe the average person would know how to set up a VPN

          • Damage@slrpnk.net
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            5
            ·
            edit-2
            1 year ago

            Either you have the know how (or the willingness to acquire it), or you pay someone with the know how. If you half-ass a solution with an AliExpress camera, you deserve what’s coming to you.

              • Misconduct@startrek.website
                link
                fedilink
                English
                arrow-up
                4
                ·
                edit-2
                1 year ago

                One of my neighbors has a completely open camera in their front yard lol. I’ve left a note on the door giving them a heads up but I guess they don’t care or don’t know what to do about it. I only know because my app is always adding their stupid camera when it “detects a new device” and I have to go in and remove it every time. So far their cOnsEQuenCeS have just been me briefly admiring their pretty garden the first time I noticed it and opened the camera to figure out who it was and warn them lol. If someone got into mine I hope they enjoy the random feral cats wandering through my ugly barren yard 🤷‍♀️

                I’d never leave any camera inside my home it would creep me out too much. I don’t see what harm the cams facing the exterior entrances to my house could possibly cause.

          • Gowens@lemmy.world
            link
            fedilink
            English
            arrow-up
            15
            ·
            1 year ago

            By the time you get everything going you will no longer be a beginner. If you’re ready for that kind of undertaking check out MactelecomNetworks on YouTube.

          • Misconduct@startrek.website
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            1
            ·
            edit-2
            1 year ago

            Just keep in mind that you’re on lemmy and the people here tend to be very enthusiastic about things like this this that may or may not be very doable or necessary for the average individual

          • mashbooq@infosec.pub
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            1
            ·
            1 year ago

            Tailscale (which is open source) can host an entry point for a home VPN for you. Better security would be to host it yourself, which they also have instructions on how to set up, but even having them host is a security upgrade from using standard cloud cameras.

        • Psythik@lemm.ee
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          Doesn’t that require a home server that runs 24/7, or is this something I can do from my TP-Link router without having to flash custom firmware?

          • Tayb@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            If you can, it’ll be in the router’s web console under something named like “VPN Server.” You’ll need a higher end router to have that function built in, though.

          • mashbooq@infosec.pub
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            5
            ·
            edit-2
            1 year ago

            You’d need to pay for an external server and domain name, but that’s generally cheaper than paying cloud subscriptions. You can also use Tailscale, which can host the VPN entry infrastructure without being able to see your traffic (depending on how much you trust them).

            • Psythik@lemm.ee
              link
              fedilink
              English
              arrow-up
              7
              ·
              edit-2
              1 year ago

              How is an external server any different from cloud storage, which runs on external servers? You still don’t have control over the machine. Why can’t I just run this off my router?

              • Damage@slrpnk.net
                link
                fedilink
                English
                arrow-up
                3
                ·
                1 year ago

                You can run it off your router, I don’t know why he keeps shilling tailscale. I don’t know about your router specifically, but any non-low tier one should have the functionality (my 60€ mikrotik does, but it’s horrible to set up); or you could use any old raspberry pi.

      • chicken@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        I have a camera connected to a raspberry pi running motioneye, remote connect to it with pitunnel, works pretty well.

        • daed@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Do you realize how silly a thing that is to say? People existed before literally all technology. How you feel about the necessity of the invention is literally irrelevant to the conversation.

    • /home/pineapplelover@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Using Lorex right now but I don’t really know how it works. Some type of NVR setup but allows for remote viewing on their app. I think it’s just sending video to lorex servers so we can stream on phone but don’t know if they’re saving the feed on their end or not. Haven’t heard any bad things from this brand so I hope it’s safe. Too lazy to do all the tailscale stuff.

  • ripcord@kbin.social
    link
    fedilink
    arrow-up
    42
    ·
    1 year ago

    Again??? This is the third time and of course the last two times they promised they’d rearchitect so it could never happen.

    The fact that this can happen means that they or anyone can see your camera data at any time. There is zero real security or privacy.

    • unphazed@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Yeah this is why I have mine outdoors, except my 3d printer one. Never record what you wish to be private.

    • Björn Tantau@swg-empire.de
      link
      fedilink
      English
      arrow-up
      27
      arrow-down
      1
      ·
      1 year ago

      That’s why I only use inside cameras, eg dumb cameras where I can ensure that they are only accessible inside my LAN.

        • Björn Tantau@swg-empire.de
          link
          fedilink
          English
          arrow-up
          13
          ·
          1 year ago

          Literally any dumb webcam and a Raspberry Pi or similar will do. I used a webcam and an old laptop. But I never put up full time surveillance. Just spontaneously when I needed something.

          Heard Ubiquiti was good.

            • Taleya@aussie.zone
              link
              fedilink
              English
              arrow-up
              7
              ·
              1 year ago

              Yeah that’s the problem(same with automation. ) You have your own infrastructure- $$ but secure - or you have the backen offsourced to a remote server for a cheaper device and get data raped.

          • DessertStorms@kbin.social
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Where would be a good place to ask for advice about setting these things up? It’s not something I want to start looking in to quite yet but once I move in a few months I’d really like to set something up and I know I’m going to need some advice…

            • Gowens@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              Any community based on self-hosting. Smart Home YouTube channels. If you want to know how to setup multiple cameras and access points with UniFi gear, check out MactelecomNetworks on YouTube. The algorithm should push you in the direction of anyone else of note too.

              • DessertStorms@kbin.social
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                Thanks for the tips!
                Though I’m generally looking for something more like a community/magazine on here where I could ask questions and get personal advice, rather than try to follow someone else do something that isn’t exactly what I’m trying to do…

        • toynbee@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          I believe that Reolink cameras plus an NVR allow, but don’t require, completely offline recording.

        • grue@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          edit-2
          1 year ago

          There aren’t any. The best you can do is accept that they’re compromised and firewall them off from everything except the NVR they’re supposed to talk to. Put the whole camera network on a separate VLAN with no gateway.

      • Flying Squid@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        1 year ago

        I don’t have any security cameras, but unless you have a whole bunch of computers at home, a LAN is what, 3 maybe 4 machines? In my case, it’s a desktop machine, two notebooks and an iPad. Those could easily all be stolen by the person who breaks into the house with the cameras.

        I don’t know what the solution here is because I sure wouldn’t trust the Internet as the solution.

        • KIM_JONG@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          A LAN could be zero machines. Point is IP addresses are not routable on the public internet.

          • Flying Squid@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            That’s not really the point. The footage from the camera has to be stored somewhere. Either locally or remotely. If it’s remote, there’s a chance of it leaking. If it’s local, the machine it’s on could get stolen. So again, I don’t know what the solution is.

            • KIM_JONG@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              I was just being a pedant about your definition of LAN. :)

              For a non-pedantic definition, yours is fine.

            • JonEFive@midwest.social
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              If you’re worried about physical theft then you’ll want to enable encryption on the storage drives.

  • littlecolt@lemm.ee
    link
    fedilink
    English
    arrow-up
    35
    arrow-down
    3
    ·
    1 year ago

    These fucking cameras and all like them are the bane of my existence. I’m an ISP repair rep. People lose their fucking shit if they can’t surveil their fucking house for 5 minutes. “The Internet is down! Reboot it!” “Are you at home too troubleshoot?” “No! But I can’t see my fucking cat vomiting on my couch from work!!!” Jesus fucking Christ, your house will be there when you get home. Fuck

    • librechad@lemm.ee
      link
      fedilink
      English
      arrow-up
      13
      ·
      edit-2
      1 year ago

      This is my father. We have about 10 ring cameras surrounding the house and I fucking hate it. Meanwhile, I’m also a distributor for security cameras and could easily replace all of them for free. He still insists no. He likes that he can easily prey on me when I go outside for 1-2 seconds to grab a drink or go outside for a smoke.

      I already hate feeling watched but the need for audio is just ridiculous. Law enforcement can basically just intercept the feeds and listen/watch you anytime they want to. The FBI abused a spy tool 280,000 times this year, so I doubt they’ll respect your rights, if you even have any at this point.

      I wish I grew up during the days without cameras being on every single building.

      • JonEFive@midwest.social
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        Not to mention providers giving-in to subpoenas without even the slightest fight, and you would never know about it. Heck, some don’t even require subpoenas, a simple law enforcement request might be enough.

  • Knusper@feddit.de
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    1
    ·
    1 year ago

    If you’re incapable of building a secure service, maybe you shouldn’t be routing people’s camera feeds through that service.

    • Abnorc@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      But you didn’t factor in how much money we can make at the expense of our users.

  • seathru@lemm.ee
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    1
    ·
    1 year ago

    Your Wyze webcam might have let other owners peek into your house

    IF you happened to be logged into Wyze’s horrible web viewer during the 30 min things got screwy. Didn’t this happen to amazon a couple years ago? I remember briefly getting someone else’s cart/purchase history.

  • bogdugg@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    17
    ·
    1 year ago

    As a child, I remember it was trivial to use Google to see through surveillance webcams that people from around the world had purchased and left unsecured and public on the internet. I hadn’t thought much of it then, including how obviously invasive of their privacy it was, but I think it has left me with an awareness of just how little these systems should be trusted to protect that privacy. I have no trust in the system to protect my data from anyone.

    • NaN@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      Those are still around. They are the local services that people suggest instead of Nest or something, where “you control your own data”. Turns out nothing is foolproof.

        • NaN@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Yes, but that makes it a poor example of “how little these systems should be trusted”.

          • Semi-Hemi-Demigod@kbin.social
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            The IP cameras you can find with Google are because there’s a lack of a firewall on them. It’s possible to use devices on your local network without anyone knowing if you know what you’re doing.

            But because we consider electronics “consumer products” we don’t have qualified professionals installing them, so we get doors without locks on them.

            • TORFdot0@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              I think you’d be surprised how many cameras have NAT-Traversal turned on and can be accessed via web/app even behind a router.

    • lazyvar@programming.dev
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      You can still do this if you use https://www.shodan.io/

      It’ll let you find IoT devices and cameras connected to the internet if you know what to search for and an alarming amount of them are locked behind an admin/admin login.

      I advise against nosying around because there’s a near 100% chance that it’s illegal to do so in your jurisdiction.

  • tabular@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    3
    ·
    1 year ago

    They don’t own the ones they paid for either, someone else is in control…

  • irotsoma@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    This is why I’d never use a hosted service for interior cameras, only exterior ones.

  • Max-P@lemmy.max-p.me
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    Jokes on them, ours died a few months after their ~expiration date~ one year warranty.

    Next ones are going to be plain dumb RTMP cameras over PoE cat6 feeding a local server.

    • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      10
      ·
      edit-2
      1 year ago

      I see you tried to make strike through text. You’re missing one more pair of the… damn, can’t remember what it’s called. The home symbol.

      strikethrough ~~strikethrough~~

      Edit: Tilde

      • AssPennies@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Edit: Tilde

        I prefer the call it a floppy hyphen. Though I’m not allowed to use the term in code reviews anymore.

        Edit: Oh shit! An sdf.org account, first one I’ve seen in the wild. I haven’t used mine since I don’t want to goof off like I do and reflect poorly on them.

    • radau@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      These cameras work very well with the wz_mini_hacks firmware completely cut off from the internet. I’m using frigate and home assistant for notifying and it’s honestly way better than the wyze app ever was.

      I’m running frigate on a Lenovo m900 with the coral USB accelerator and my CPU usage is super low so you could probably get away with the Pi4!

    • PFShady@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      I’ve been using Amcrest cameras with Frigate and a Coral USB. It’s been working perfectly. My cameras are on a VLAN with no Internet access and it hasn’t caused any issues.

      • radau@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Do you have any of their doorbells? I went back to a physical doorbell button with home assistants sky connect dongle linked up to a motion sensor at the door just so I know when someone’s there but would love to get a camera up there that isn’t some ring bs

        • PFShady@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          I have the Amcrest AD410 actually. I’m pretty sure the Amcrest app uses cloud but I could be wrong. That said, it integrates with home assistant and frigate perfectly at the local level so I get instant notifications when there is motion. If they ring the doorbell I leverage home assistant to be notified immediately along with a picture of when the button was pressed. I’ve been very happy with it.

    • mob@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Is the Pi4 on sale still around the 100$ mark?

      I’d love another Pi at the original.prices

    • AArun@programming.dev
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I’ve been partial to amcrest they’re affordable and “us” based even though they’re rebranded dahua cameras. Everything I’ve read says they’re compatible with frigate and even home assistant if you plan to use that as well. I’ve been trying to do a similar setup for myself.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    1 year ago

    This is the best summary I could come up with:


    Some Wyze security camera owners reported Friday that they were unexpectedly able to see webcam feeds that weren’t theirs, meaning that they were unintentionally able to see inside of other people’s houses.

    A Wyze customer support agent confirmed to The Verge that this was indeed happening.

    “Went to check on my cameras and they are all gone be replaced with a new one… and this isn’t mine!” wrote one user.

    Each thread has comments from other Reddit users reporting similar issues.

    “While we work to get this resolved, Wyze Web View functionality may be limited or unavailable,” they told me.

    Wyze’s PR team didn’t immediately reply to an emailed request for comment.


    The original article contains 398 words, the summary contains 112 words. Saved 72%. I’m a bot and I’m open source!