Quote:
Originally Posted by Fuzz
I dunno, stuff like this is more than just not setting a proper password
|
Quote:
Originally Posted by psicodude
I think it's a good general practice to not blindly trust any of these devices and try to secure them yourself by means of a good firewall, not using default credentials, and not exposing stuff directly to the internet.
|
Huh, interesting, I didn't know about the Hikvision security issues.
That said, I treat all IoT devices (including my Hik cameras) as hostile. I have a separate VLAN and SSID for my wireless IoT devices (smart light switches, etc), and while they get internet access, they don't get access to my internal network.
The Hikvision cameras, I went a step further. They're on a separate network entirely, with a completely different IP subnet, and zero access to the internet. I use Blue Iris on a refurbished desktop PC to record from my cameras, and the PC has two network cards - one going to the switch connected to the cameras, and the other to my regular network.
I have the Blue Iris app on my smartphone, but when I'm not at home, I have to log into my VPN in order to access the cameras. Not something your average person can set up, but since I have the IT background, I was able to take those extra precautions.
Quote:
Originally Posted by psicodude
Yeah, the entire IOT industry (including cameras) needs to do a better job of making their products secure. Even Nest was hacked a few months ago. The challenge is that a lot of manufacturers use linux as the OS to keep the price down (as opposed to developing their own OS) but either don't know what they are doing or don't care.
|
If you search for articles/videos by Troy Hunt (he's the guy behind the "HaveIBeenPwned" site), he's showcased a couple examples of questionable security practices by various firms, both IoT and otherwise.
There was a smart lock (I forget the name) that had a serious vulnerability, which enabled anyone to remotely unlock any door with that lock, with zero authentication. The guy who discovered it tried to get the company's attention, but they blew him off. Once he wrote a blog post that went viral, the company fixed the bug within a week. That's mainly why I refuse to install things like smart locks in my house, even though I'm a tech geek.
Quote:
Originally Posted by psicodude
IMO, any home security related device cannot rely on the internet to work. Just too many issues with downtime, latency, etc. A device that records locally and then backs up to the cloud is fine, just not one that directly records to the cloud like Nest, Arlo, Ring, etc.
|
I try to stay away from any proprietary/cloud-based systems now unless I have to, for that very reason. The name escapes me right now, but there was a home automation brand that recently announced they're going out of business, essentially rendering all of their devices worthless.