So good to see someone who understands these. Most Electricians/Data cabliers/Handyman and even Security companies will just wack these in and let them go without turning off all the features. (As you have shown) These days its all about getting that footage onto your iphone via "the cloud". CCTV needs to be kept inhouse and well away from the web. -Another great video! Thankyou.

Love your vids man, even with my basic ish understanding of networking you always explain in a way that makes sense and gives me a more broad range of knowledge for stuff you can do with networking, cheers from NZ.

Follow the money and the companies they believe are “trusted” providers, Suddenly axis and motofalure camera sales go through the roof. Hikvision kit works well but like all vendors you need to seperate your networks.

Just found this channel and am loving it. You don't explain EVERYTHING but rather expect the viewer to have some network and Linux knowledge.

allowing dns outbound, even via your own dns server could still allow it to make seemingly innocent dns requests outbound to exflitrate some information outbound. Going even more tinfoil hat, they could pass the password out via an encoded dns request by crafting a specific dns response that triggers a hidden piece of code inside the camera for example - so it all looks innocent, but they could wake up functions via specific dns responses.

Most people don't have the knowledge and skills to do PEN testing, security hardening, VLANs, etc., on their home network. Eufy's cameras uploaded video and photos to the cloud without consent, and their cameras were accessible externally with encryption or authentication. When I put my cameras in they will be ethernet only, no cloud or restricted to connect only to that address, no remote access to the cameras, perhaps just use a synology or qnap and do it yourself.

I've had a good run with Reolink which are ONVIF compatible (most models) and first thing I did was disable DDNS and UPnP. Have a macOS Mojave VM just for SecuritySpy which is an amazing bit of software for CCTV.

We had hundreds of these cameras - on a completely separate VRF, on a completely separate firewall zones - nothing available to any camera. We monitor the firewall zone constantly. Nothing gets transmitted, let alone try to get through.

I stopped using POE cameras. I was getting a lot of interference around 144MHz range. I had the interference on 4 different brands. I unplugged the cameras from the NVR and the noise went away. I even tried Cat6 shielded cable and didn’t make a difference. Move to HD analog cameras and no more interference.

So, time to contact government departments and offer to buy their scrapped cameras for 2c on the dollar

I'd be more worried about an attack vector from the HikVision mobile app (even if connecting behind a VPN) or the iVMS remote software (that requires administrator rights to run!) - than the actual cameras themselves.

U can use SADP tool to find the ip address from the camera

Look into using Frigate

Every security camera is made in China. Problem I have with Hikvision they continue to hang on to using IE11 with active X both have been discontinued years ago. The larger HD cameras were amazing quality the interface was terrible. Downloading video clips didn't work just failed to download had to do all kinds of work arounds. IE11 running as an extension then that quit working also. I moved on to amcrest cameras just lot easier to work with.

Great video! Anything IoT device that comes out of China should be a concern for anyone. Its too bad that home wifi access points/routers don't all have the ability to separate IoT devices with vlans. Btw, I love hikvision cameras, and have many of them.

For a home locking down their outbound access is probably enough. If you’re at the level of nation state espionage you need to start physically inspecting hardware for transmitters etc that could exfiltrate data locally to an asset nearby, internet or no internet. The kind of crafty shit you can do with a big enough incentive and the ability to manufacture hardware is limitless. Any cameras I have inside are physically disconnected from power when at home.

Usually the main risk is IT departments that don't install security updates on cameras

i prefer having separate VLAN on OpenWrt this device, just for this purpose, also without outside access.

UK Gov and the UK NHS were still using some Windows XP and Windows NT machines with no password and some with Pa55w0rd$ as the password as recent as 2021, these stopped being updated by Microsoft when gods dog was a pup, the only reason I can see for this is if they have some software that is XP only, but why this is not running on VM's within a secure envoiroment is beyond me, who is running their systems? Mickey Mouse?

can we do same for waze cam???

how did you enable ntp server on your router? might have missed that in your previous videos.

It looks like all governments in the world happily delegated their obligations to China 🙂

nice video, i need to go over ip tables again :>

Cześć, Paul. Skąd masz ten diagram?

most TVs have more sus network traffic than this thing

Nice Rode microphone I see.

Besides the obvious national security threat of the CCP installing undocumented features, there are a lot of grey market cameras out there with questionable firmware. For instance I have the Chinese region hikvision cameras which were modified after coming out of the factory to have English menu's, these cameras were then flipped on ebay for a low price and they arrived on my door step. Who knows what else the firmware does? The fact is I don't care, they are on a isolated vlan/subnet and my NVR can pull an RTSP steam. I think the threat these cameras present to large campuses and enterprise networks is, in the absence of NAC on the access layer and with huge firewall rulesets, who knows if that camera/cameras are is really isolated? Did they get plugged into the right vlan? will they stay on the right vlan? Did the 'SNR Network engineer' do his job properly?

😂sky news… fear mongering.