• @[email protected]
    link
    fedilink
    English
    19311 months ago

    This is why you shouldn’t use cloud services for personal security, because the cloud is just someone else’s computer.

    • deweydecibel
      link
      fedilink
      English
      59
      edit-2
      11 months ago

      Also, quit putting unnecessary, Internet connected cameras indoors.

      I seriously cannot fathom the amount of people that seem to want to put cameras up in their own bedrooms and just let them stream video constantly.

      It has nothing to do with any serious home security, and everything to do with mindless consumerism. Hopefully it’s a trend that will pass.

    • @[email protected]
      link
      fedilink
      English
      -611 months ago

      In general, cloud services have far better security than DIY systems. All of the hacked systems in this article are home based systems.

      • @[email protected]
        link
        fedilink
        English
        51
        edit-2
        11 months ago

        All of the hacked systems in this article are home based systems.

        [citation needed] because that’s not in the article. According to the article, attackers used automated scanning software, which strongly implies they brute-forced cameras connected to the Internet with default or weak credentials. That has nothing to do with whether or not the service is based in the cloud.

        In general, cloud services have far better security than DIY systems

        As a matter of fact, it’s known that the leading cloud-based surveillance system, Ring, has been subject to employee abuse and user accounts have been widely compromised via credential stuffing. In fact, Amazon is currently facing a proposed order from the FTC over the fact that they allowed abuse by employees and more or less knew for years that their lax security practices were placing their customers in danger from cybercriminals. Hell, it’s 2023 and all you have to do to pre-empt most credential stuffing attacks is enforce 2FA, and this was optional in a HOME SECURITY PRODUCT from a LEADING cloud provider. “In general cloud providers have better security” my ass.

        Cloud based security only gets better when regulators force cloud providers to improve security, after cloud providers allow hackers to harm thousands to millions of customers.

        I’m just gonna say it again: the cloud is just someone else’s computer.

        • @[email protected]
          link
          fedilink
          English
          10
          edit-2
          11 months ago

          According to the article, attackers used automated scanning software, which strongly implies they brute-forced cameras connected to the Internet with default or weak credentials. That has nothing to do with whether or not the service is based in the cloud.

          This is a known problem with popular brands of security cameras sold in Vietnam, that the default configuration has an admin password of “admin” or “12345” accessible from the public Internet. They’re basically sold insecure, and rely on customers to consciously adopt a custom configuration to be secure.

          Although, in order to be publicly accessible, one would imagine that they’ve had to configure their firewall to let outside signals to the devices themselves. Or maybe some kind of ddns setup.

          Either way, it doesn’t have anything to do with the cloud, and the parent comment is basically right about that.

          • @[email protected]
            link
            fedilink
            English
            411 months ago

            Although, in order to be publicly accessible, one would imagine that they’ve had to configure …

            I’m guessing there are providers in Vietnam offering remote access accounts and apps, the same as 90% of IP security cameras on AliExpress, Amazon, eBay etc. Most of the zero config ones are authenticated with a cloud server 24/7 to enable remote viewing. This being Vietnam specific leads me to believe that the “hackers” are actually a domestic crime org selling compromised hardware; could be as simple as opening the box and obtaining device information (like the serial, MAC, or QR code) before shipping the product.

        • @[email protected]
          link
          fedilink
          English
          4
          edit-2
          11 months ago

          In general, cloud services have far better security than DIY systems

          Even if it were true; less money to be made than from a company, so less interest and investition to hack it.

      • bruhduh
        link
        fedilink
        English
        3111 months ago

        You can’t connect home system that is never connected to internet, basically make home server and hook up cameras and don’t ever connect that to internet

        • deweydecibel
          link
          fedilink
          English
          7
          edit-2
          11 months ago

          The problem is cameras like these, the kind that people are putting up inside their own homes, facing their living spaces, their own damn bedrooms, they’re sold to people that have this desire to be able to check in with those cameras remotely at any time, without a good reason.

          The only reason my mother seems to have crap like this set up is so she can see the dogs when she’s not home. They’re just sleeping.

          Internet connected, living space directed cameras are this bizarre consumer electronics trend that has no legitimate use case for like 90% of the people that rush to use it. Certainly not one that merits the security risks and the privacy invasion that they are inviting on themselves.

        • @[email protected]
          link
          fedilink
          English
          311 months ago

          Half the reason to own a security camera system is so you can monitor it while away. Can’t do that if the system isn’t online.

            • ddh
              link
              fedilink
              English
              1
              edit-2
              11 months ago

              It’s going to be cloud accessed. People who install these to check on whether Mittens is sleeping aren’t setting up a domain or remembering an IP.

        • 520
          link
          fedilink
          3
          edit-2
          11 months ago

          Bro, if I find any ingress point onto your network, I can connect to your networked cams.

          Little brother downloads a Trojanised pirate copy of a game? I can connect to your cams via your lil bro’s computer.

          Not patched your stuff and there was a drive-by-download and RCE exploit? I can do it through your computer.

          Your firewalls are important but they aren’t impenetrable.

          • @[email protected]
            link
            fedilink
            English
            2011 months ago

            Yeah, but you’d pretty much need to target the person so these blanket hacks where a bunch of cameras are exposed aren’t really possible

            • 520
              link
              fedilink
              -7
              edit-2
              11 months ago

              No I don’t. Like the first example above I can simply trojanise an executable, and release it to the public.

              Once I’m on your network, the first thing I’m always going to do is see what I’m working with. That means a network and system info sweep. If I’m efficient, I already have a script to do this.

              That sweep will reveal the presence of the camera. I might be interested in extortion material or I can sell this to a criminal gang, if I can get it open. I already have the camera’s MAC address, so finding the make and model isn’t too hard.

              Then I might browse to it, see what system software it is running. Then I would try default usernames and passwords (people don’t always change them) and see if there are any usable exploits on the software.

              If I come across a certain camera type with certain vulnerabilities a lot, making a script to autofuck these cameras is child’s play.

              Source: am an ethical hacker/ red teamer.

              • ihavenopeopleskills
                link
                fedilink
                7
                edit-2
                11 months ago

                Source: am an ethical hacker/ red teamer.

                What is the recommended on-ramp for someone with a CS degree and a networking background?

                • 520
                  link
                  fedilink
                  2
                  edit-2
                  11 months ago

                  With that kind of background you’ve got a good advantage. You probably know how people fuck up their implementations as rookies, the next step is learning to take advantage of it.

                  Depending on the areas you want to get into (web, mobile, infrastructure, web3, etc) there are a lot of different training materials you can do. Most are free or very affordable.

                  Basic infrastructure stuff is a must, but it’s really simple. Your main tool for this will be either Nmap or massscan, both are port-scanners. You need to learn some basic flags and understand why you might want to use some and not others depending on the scenario (you probably already know at least some of this already). This is usually the first technical step in any operation.

                  Basic Linux and Windows command line is also a must. You don’t need to be able to do Linux From Scratch but you do need to be comfortable with Linux (and Windows) command line; if you manage to get a shell (illicit remote access) on a victim box, this is what you’ll be using to get around. An industry standard toolkit also comes in the form of a Linux distro, namely Kali Linux.

                  For more advanced infrastructure stuff, check out the HackTricks gitbook, it’s really helpful.

                  For web (not web3) based stuff, you can start with Damn Vulnerable Web App and OWASP Juice Shop. The former is far more tutorialy but the latter has all sorts of walkthroughs. Understanding why this works is important to understanding in future what kinds of stuff work, which is important when people actually put in (bypassable) protections.

                  If you want to go through more of a web3 route, get familiar with the Remix IDE and check out Ethernauts.

                  For mobiles, it’s important to have jailbroken or rooted devices, especially in the case of iOS. Check out Damn Insecure and Vulnerable App (Android) or Damn Vulnerable iOS App (iOS). The OWASP Mobile Testing Guide is also a really useful read.

                  Once you get comfortable, you can also check out Capture The Flag challenges hosted by other people. CTFTime is a good aggregate for these and HackTheBox is a good training ground for them.

                  I would generally recommend these tools before going onto certs; once you’re good at these, you’ll breeze through the certs with a light refresher on course details, however the certs are an expensive way to actually learn.

                  As for which certs, CompTIA Pentest Plus is a good starter. Offensive Security Certified Practitioner (OSCP) is a good mid-level cert, and CTFs are a crazy good preparation (this exam is much more practical-based than your standard exam). Don’t listen to some LinkedIn lunatics that call this a starter exam, it absolutely is not, and they probably have never taken it. It is, however considered something of a gold standard in the industry; if it isn’t a minimum requirement, it is considered VERY helpful in most job applications.

                • @[email protected]
                  link
                  fedilink
                  English
                  111 months ago

                  John Hammond’s got some pretty good “getting started with White Hat hacking” videos on his YouTube channel (a lot of “hack a box” and “CTF” style videos). He’s got one or two where he talks about his resume and training/classes he’s done.

          • Hyperreality
            link
            fedilink
            911 months ago

            Seperate network that’s physically not connected to a network which connects to the internet or cameras with local storage.

            You can’t hack into the wildlife camera in my backgarden. It doesn’t even have wifi, just an SD card.

            Of course, that’s less useful if you want to check up on your house when you’re away.

            • bruhduh
              link
              fedilink
              English
              1011 months ago

              That’s what I’ve been trying to say, thank you for backing me up

            • 520
              link
              fedilink
              311 months ago
              1. not a common feature of home networks

              2. If the compromised machine has access to both vlans, you’re still fucked

                • 520
                  link
                  fedilink
                  1
                  edit-2
                  11 months ago

                  It isn’t a common feature on ISP provided routers, which is what most people use. Some ISPs (example: my own) even make it exceptionally difficult to use other routers. I had to install OpenWRT on my retail router to get it, and getting that working was such a pain.

          • 𝒍𝒆𝒎𝒂𝒏𝒏
            link
            fedilink
            English
            111 months ago

            It kinda depends on the setup I think, especially when vlans and firewalls are involved, you’d likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.

            As always physical access is pretty much game over though lol.

            My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a “bridge” between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like home assistant, plex etc.

            Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth “bridge” entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN

            With physical access, you could chop up the PoE for an external camera and using that as an ingress point - but you’d only have access to the cameras and the bridge machine unless you exploited that too. At this point the zabbix client on the bridge machine would have notified me that a camera’s dropped off the network, unless you dropped a payload to force it to return a good status lol

            Does sound like a very fun exercise though tbh

      • @[email protected]
        link
        fedilink
        English
        29
        edit-2
        11 months ago

        In general, cloud services have far better security than DIY systems.

        Where are you pulling this from? These aren’t “DIY”. DIY is when you roll your own remote network access (e.g. VPN, DDNS, port forwarding, etc) or FOSS software/hardware. I’d trust most DIY systems more than any cloud provider, because most DIY systems would be LAN only or VPN accessible. The QR code authentication mentioned in the article sounds like these are generic IP security cameras of stock firmware, that utilize a cloud server to enable remote viewing over the internet. Even reputable cloud services use the same method to connect or setup individual cams to their cloud.

        All of the hacked systems in this article are home based systems.

        That doesn’t mean the exploits used are of no fault of the user — from the vendors authentication implementation, software, or hardware.

      • deweydecibel
        link
        fedilink
        English
        1211 months ago

        Maybe, but the difference is a lot more people are going to be looking to target the cloud provider than your home network. To say nothing of the fact that your videos on the cloud are subject to the terms and services that you agree to and those terms can be changed at any time. And also the fact that you can’t guarantee that the stuff you delete off of that server is actually being deleted.

        • @[email protected]
          link
          fedilink
          English
          111 months ago

          a lot more people are going to be looking to target the cloud provider than your home network.

          I can show you logs with tens of thousands of hits from all IPs all over the globe trying to gain access to a single NVR that has a port open on the WAN side of a network.

          Besides email servers or FTP servers, cameras are the next highest thing target for attacks. The minute they go online they become a flaming red beacon for hackers.

      • fmstrat
        link
        fedilink
        English
        1011 months ago

        Blatantly false. Nowhere in the article does it say this.

        • @[email protected]
          link
          fedilink
          English
          411 months ago

          I’d almost say your exposure is bigger in the cloud. WAY more software involved, it’s shared environment, and someone elses computer… In addition, it’s complex to properly setup. People often leave it alone once they get it working, no security test or checks.

          Even IF it was because it was hosted at home, I blame the companies who build this shit. Market to end users, “super easy to use!!” But no security by default? Nuts.

          Enable auto updates, randomly generated admin password (no defaults like 123456), and support for more then 3 years will go a LONG way for the average consumer.

      • @[email protected]
        link
        fedilink
        English
        511 months ago

        Ok… But cloud services are centralized and have a lot more content to obtain, so that fundamentally makes them a more valuable target. This alone adds a level of relational security to maintaining a home backup of the information. Unless someone happens upon your home network and decides to hack it, or you download a file that sends up a flare, nobody is going to seek it out unless they know you have something specific they want.

        • @[email protected]
          link
          fedilink
          English
          1
          edit-2
          11 months ago

          Unless someone happens upon your home networ…

          If you have an IP camera system exposed to the outside, they will “happen upon you” within the hour.

          It’s one of the top things searched for in wide net port scans.

          But unlike those cloud services, your home network likely doesn’t have enterprise level threat detection to alert you to it, or a team of network engineers to try to guard against it.

          • @[email protected]
            link
            fedilink
            English
            111 months ago

            Why the fuck are you broadcasting a beacon to come hack your network? Of course they are going to find it if you light it up like a Christmas tree with a giant neon sign. I said you set up your cameras to record locally. Only an idiot would set up a camera system with an unsecured exposed port. Hell, set up anything with an unsecured exposed port for that matter. Especially one that is an always broadcasting system. It doesn’t even matter if you use a cloud provider at that point. All they have to do is hack an network hop near your home and install a man in the middle and they don’t have to bother hacking a server farm to get your videos.

  • edric
    link
    fedilink
    English
    13511 months ago

    This is what you show people when they say they don’t care about privacy because they have nothing to hide.

    • Alex
      link
      fedilink
      English
      1311 months ago

      Thank you for this comment.

    • lemmyvore
      link
      fedilink
      English
      411 months ago

      Meanwhile, two comments down: “why do people have cameras in their bedroom?”

  • @[email protected]
    link
    fedilink
    English
    10111 months ago

    why the fuck would anyone put a camera in their bedroom, or bathroom?

    Outside of people making porn, securing the entrances to a home should be sufficient, no need to video yourself sleeping.

    • @[email protected]
      link
      fedilink
      English
      73
      edit-2
      11 months ago

      They may have people working in their homes whom they do not fully trust - cleaners, maids, nannies etc.

      • @[email protected]
        link
        fedilink
        English
        211 months ago

        I live in Vietnam. This is perhaps the most common reason for use of indoor cameras here. People buy random cheap Chinese security cameras on the internet and put them in their homes. They blindly trust these cameras, which leads to what you’re seeing in this article.

        • @[email protected]
          link
          fedilink
          English
          6
          edit-2
          11 months ago

          That’s quite a reductionist and naive response. You never fully trust any other human being, you simply choose from the best of the options available. Furthermore, circumstances may change that drive people do to things that they wouldn’t otherwise. Besides potential property crimes there’s the added concern of accidents and legal issues arising from such. Cameras are useful tools to protect yourself from frivolous legal action by documenting everything that happens in places where employees are.

    • lemmyvore
      link
      fedilink
      English
      211 months ago

      How is the room relevant here? Is it not a grave invasion of privacy regardless in which room of the house it was? What even is your point, that if the camera had been in the living room instead… then what?

      • @[email protected]
        link
        fedilink
        English
        111 months ago

        The room is extremely relevant. The activities that happen on your patio, in your living room, are different than the activities that happen in your bedroom. Some of those activities are more sensitive than others

        • lemmyvore
          link
          fedilink
          English
          111 months ago

          So you would be ok with your livingroom being watched 24/7 by unknown people?

          • @[email protected]
            link
            fedilink
            English
            211 months ago

            Not at all. But there would be less sensitive material to be observed in that instance. Just because there’s different severities, doesn’t mean anything except the ultimate severity is acceptable.

    • Herbal Gamer
      link
      fedilink
      English
      911 months ago

      just looking around randomly and it’s weird how many of them are private property.

      • netburnr
        link
        fedilink
        English
        811 months ago

        Why is it weird? People get cameras to protect their private property?

        • Herbal Gamer
          link
          fedilink
          English
          311 months ago

          sure but not securing them in their own network somehow?

          There are driveways, front porches, some sort of office somewhere and even someones 3d printer all with rough coordinates and that’s without actually diving deeper into all of this.

          • netburnr
            link
            fedilink
            English
            1011 months ago

            People are lazy and ignorant to the lack of security in the products they buy.

    • ANGRY_MAPLE
      link
      fedilink
      English
      311 months ago

      Damn, that website almost has some of everything.

      I saw a building that looked like it was waiting to be boarded up. There were some streams with beautiful scenery. There was an official looking meeting room in Greece for, and I even found a stream of a train table!

  • @[email protected]
    link
    fedilink
    English
    5411 months ago

    Yet another reason why IoT crap sucks. You don’t need to put everything on the internet. This one should be obvious.

    • GigglyBobble
      link
      fedilink
      1511 months ago

      People don’t think about that. You have to register somewhere in order to use your $12.99 cam, install some app and are good to go.

      How would a someone not interested in tech know that the footage data is stored on some online server and you are at the mercy of their itsec.

      • archomrade [he/him]
        link
        fedilink
        English
        2011 months ago

        Which is why these companies that are marketing wifi and cloud-polling devices should be held responsible for the data breaches and regulated more rigorously.

        It should be cost-prohibitive to design a smart device that sends data to a centralized server, but they do it because the upside value of having the data is so attractive. They shouldn’t be allowed to hide behind a ToS agreement with mandatory arbitration when their security is inevitably breached.

        • @[email protected]
          link
          fedilink
          English
          811 months ago

          Take it up with your congressman.

          Seriously. It sounds like you have an informed and well-reasoned opinion. They’re not 100% corrupt. And they usually only hear about tech from industry lobbyists.

          Let them hear from an intelligent constituent for a change.

          • KᑌᔕᕼIᗩ
            link
            fedilink
            English
            211 months ago

            Good luck with that, your voice is going to be drowned out by all the companies masquerading as “people” whom they really represent.

            • @[email protected]
              link
              fedilink
              English
              211 months ago

              Taking the time to get in touch with representatives at all levels of government is just good citizenship.

              Sure, there are lobbyists. But there’s me too. We can’t expect to enjoy a civilized society unless we put in the effort.

              • archomrade [he/him]
                link
                fedilink
                English
                111 months ago

                I do it when I can, but that kind of influence just can’t be done by a handful of tech-literate terminally-online weirdos. It takes a buttload of money or a massive amount of public attention to push an issue like this forward, especially when political operatives absolutely benefit from both the data and the companies involved. The political calculus just isn’t there.

                More people need to know and care about this before any legislator is going to spend political capital on it.

              • KᑌᔕᕼIᗩ
                link
                fedilink
                English
                111 months ago

                Having done this before and being told to basically get stuffed from one of their underlings I have zero faith in it. It’s basically just another token thing that’s about as useful as “thoughts & prayers” for the most part.

      • @[email protected]
        link
        fedilink
        English
        111 months ago

        The question isn’t “how would someone know…?” the question is “do you know what a hacker does?”.

      • @[email protected]
        link
        fedilink
        English
        11
        edit-2
        11 months ago

        depends on the device.

        If the device dont provide local connection, there is nothing home assistant can do about it. Some device will also send data to the cloud even it is locally controlled by HA.

        • @[email protected]
          link
          fedilink
          English
          411 months ago

          Oh for sure. But unlike smart things or any other hub, only the data that needs a cloud connection will go through the cloud…

          • archomrade [he/him]
            link
            fedilink
            English
            1
            edit-2
            11 months ago

            Home assistant is great at what it does, but the problem is too big for HA to really fix it by itself.

            It’s the end-devices that are the biggest culprits, paired with the apps installed on your phone. It’s the reason Google was basically giving away their home-mini’s the last couple years.

            If you use a smart device that comes with - or requires - an app, it’s almost guaranteed that app collects a certain amount of data from you to be sold or utilized for user profiling.

            The problem is that everyone has half a dozen of those devices already, and swapping them all out takes time, effort, and money that most people simply don’t have.

            It’s a challenge even for the truly dedicated and privacy-minded individual to know which devices are locally hosted and which ones use local internet access or a permissive phone apps to function. Even if you DO manage to keep a clean slate, there are always companies that change their policies once they have high-adoption and force cloud integration on their users. See Phillips, Chamberlain, Microsoft, Google, Amazon…

            I love Home Assistant, but it’s a nightmare trying to cut out all the unsecured bullshit I’ve found myself with even in the past two years.

        • @[email protected]
          link
          fedilink
          English
          111 months ago

          Thanks to laziness of the device manufacturers, a lot of them either expose some data endpoints locally, or just use Zigbee which can be easily paired to be used local-only.

          Those that require Wi-Fi access can be filtered on the router to disable internet access.

    • @[email protected]
      link
      fedilink
      English
      0
      edit-2
      11 months ago

      With end to end encryption, and requiring manual key transfer (no key sync), this would not be an issue.

  • @[email protected]
    link
    fedilink
    English
    48
    edit-2
    11 months ago

    Why the fuck do people put security cameras in their bedrooms? It’s so weird to me that people do this. Even if you think (or at least thought) that you were the only one with access to the footage, won’t the presence of a camera make you feel like you’re being watched? Are we not on camera enough as it is that we have to be on camera in the supposed privacy of our bedrooms? Imagine if you told George Orwell that people would willingly put cameras in their most personal and private spaces.

    • @[email protected]
      link
      fedilink
      English
      2211 months ago

      Some do it to potentially document accidents - I know some racial minorities in my country that say they are accused of child abuse and investigated at the drop of the hat if they bring their kid to the doctor and they have any kind of bruise. I heard of a Muslim woman who lost custody of her kid for 48 hours until she was able to produce CCTV footage of her child breaking his arm in a playground accident, and not due to some act of child abuse.

      So, having a cam that catches your kid experiencing an innocuous fall wherever it may be in the house is a good security measure, particularly if the justice system comes at you preloaded with bias.

  • @[email protected]
    link
    fedilink
    English
    15
    edit-2
    11 months ago

    it’s funny the vnexpress would publish this. vietnamese people are obsessed with security cameras. they see them as a deterrent, or as a way to find the perpetrator later and get all your property back. they put them everywhere.

  • @[email protected]
    link
    fedilink
    English
    1411 months ago

    Hypothetically I want to secure my home with Cameras…

    What’s the best way to do this? OSS preferably.

    • vortic
      link
      fedilink
      English
      2111 months ago

      So, just an FYI, I bought Eufy cameras because I believed their marketing bullshit about being secure and end-to-end encrypted. About two months later they changed how they describe their security and quietly modified their privacy policy. Turns out they’re not really end-to-end encrypted and it is possible to gain access to the streams sometimes.

      My recommendation, after doing my research is not to buy anything that is able to be viewed remotely. Buy something that stores the video locally, in your home. If possible, buy and install wired cameras.

    • @[email protected]
      link
      fedilink
      English
      1511 months ago

      The most important thing is just to have cameras that are positioned to watch you in bed.

    • @[email protected]
      link
      fedilink
      English
      911 months ago

      I’m just about to setup TP-link cameras connected to Frigate (NVR software) with a Coral TPU for offline object detection. This means I can block access to internet for the cameras and use a VPN home if I want to watch them.

    • @[email protected]
      link
      fedilink
      English
      5
      edit-2
      11 months ago

      Onvif camera (It’s the standard. Any camera that supports onvif will be plug and play). Block the cameras’ Mac addresses at your router so they can’t get out directly. Install zoneminder on Linux. If you need remote access follow all the guides to securing a Linux server that has ports open to the Internet. (Ssl, tailscale etc.)

      Blueiris for Windows is great but it’s not open source.

    • @[email protected]
      link
      fedilink
      English
      511 months ago

      No-internet cameras hooked up to local storage.

      For remote access, you could use whatever you want to use for remotely accessing local files.

    • @[email protected]
      link
      fedilink
      English
      2
      edit-2
      11 months ago

      I use a old phone with IP cam on it, and only allowed local network access connected to my home assistant.

      I can view it remotely via home assistant cloud, which is E2EE from instance to phone.

      I presume Raspberry Pi Camera is also a great solution. And also I dont put any camera in bedroom or bathroom, because there is no reasonably accessible entrance there.

      • @[email protected]
        link
        fedilink
        English
        911 months ago

        Didn’t they just have a security incident where people could access other people’s full unifi account including devices?

        • @[email protected]
          link
          fedilink
          English
          211 months ago

          Correct but that’s only if you enable the remote connection through ubiquity, if you have that turned off its all local.

          • @[email protected]
            link
            fedilink
            English
            111 months ago

            Ah, I wasn’t aware there was an option to keep it local. Does that keep your entire site from being remote manageable or just the camera system?

        • @[email protected]
          link
          fedilink
          English
          111 months ago

          The security issue you mentioned I think only affected when they handle access to the cameras. I think you can set up a VPN and then turn off remote access on the NVR, so it seems possible to avoid that issue.

          That being said that’s a lot of work for something they should have handled securely in the first place and doesn’t give me much confidence about their security in general.

          • @[email protected]
            link
            fedilink
            English
            111 months ago

            It’s an interesting read since the cause of the issue was something to do with a database change that caused an overlap of groups.

  • @[email protected]
    link
    fedilink
    English
    111 months ago

    Link didn’t work for me there was nowhere to actually buy the videos. Where is the correct link?

    • @jivandabeastA
      link
      fedilink
      English
      11
      edit-2
      11 months ago

      Sus af bruh wtf

      Edit because im being down voted, i find it so insane that you guys are actively seeking out hacked ip cam footage from innocent people that’s being leaked online.

      There’s tons of porn on the Internet, and no reason for you all to be trying to PAY SOMEONE for non-consensual sexual footage

        • @jivandabeastA
          link
          fedilink
          English
          111 months ago

          Maybe, but i disagree because the way to make that joke would have been to use /s or quote the well known IASIP line.

          The way they wrote it, someone literally responded where they can find the telegram user for access

    • Herbal Gamer
      link
      fedilink
      English
      111 months ago

      They actually left watermarks with the telegram account on it in the pictures