Security and IP Cameras - Gadget Victims

Post Top Ad

Security and IP Cameras

While being a security device by vocation, an entry-level IP camera is rarely secure itself: the embedded server does not offer any way to encrypt your login and the data stream. Fortunately there are ways around it, as well as common sense practice to reduce the risks.

If you're willing to spend 300€+, there are IP cameras with embedded SSL on the market (Axis, Panasonic, ...), but if, like me, you preferred buying 6 cheap chinese ipcams instead for that price, you can only use plain, unencrypted HTTP. Thanks to this lack of security, the role your "security" device can be completely inverted by opening a wide open window inside your home. The dream of any potential burglar planning an on-site visit!

First: the obvious ... restrict the HTTP and FTP accounts to reduce potential damage.
The first thing for any unencrypted access to your LAN is to only use it with a dedicated combination of user name and password that is used nowhere else (not even for the FTP service), so to ensure that if your IP cam login is ever "sniffed" by a hacker, the intrusion will be confined to your camera, and won't extend to your NAS, or computer!
Furthermore, the role of the account used for accessing from the WAN should be limited to Visitor (access to fixed view only) or Operator (access to PTZ control), to prevent any intruder from tempering with the configuration and clearing the traces of his visit in the log (you should inspect the log regularly for hints of unusual access).

The FTP service account: this other login will be easily compromised if you use the same user/password as fort the HTTP server or if you upload picture to an FTP server on the Internet. So the same kind of precaution applies here: use another unique user/password set with limited access to the target server, so the potential hacker won't be able to use that account to pump all your data.

Next: consider solutions to prevent intrusions.

1. If you are only accessing your IP cameras from fixed external locations, consider setting up your home router to allow incoming HTTP and FTP requests from these fixed IP addresses only. This alone will greatly reduce the likelihood of an intrusion.

2. If you have a Network Access Server (or NAS), you may have a choice of options:
e.g., the Synology DiskStation range offers a Surveillance Station to control your cameras through its HTTPS access. In the case of Synology though, you need to purchase extra licences to control more than one camera.

3. Some NAS and routers, come with a VPN server, and this is your best free option.
While PPTP is slightly easier to set up,  OpenVPN is generally acknowledged as faster and more reliable.

To make it work with the outside world, you need to check that you router allows the VPN traffic to  pass through. This option is usually present in the user interface and needs to be enabled.

If a firewall is on, further set up is needed to allow traffic through the required ports.
Generally it is UDP 1194 for OpenVPN, and  TCP 1723 + GRE (Generic Routing Encapsulation, IP protocol ID 47) for PPTP.

Once your VPN connection is working, a tunnel is created between your remote client and your intranet at home (i.e. behind the NAT). 
As a result, every server in your LAN can be accessed just as if you were home.

Therefore, you will now use the intranet IP addresses of your cameras to connect to them, but you'll be the only one to watch!


  1. Merci pour ce topic concernant la sécurité ;)

    tiens, si ça t'intéresse:



  2. bbah and others,
    Since you are so expert in this subject maybe you could help me..

    I updated firmware on clone F8908W by DX, succesfully with latest suitable FW, Wifi with old firmware was working bad, now with new I'm not able to establish a connection with the router by WIFI.

    The strange thing is that the CAM is able to find my router on WIFI (netgear dg834gt) automaticallt (scan), then when I do submit, wait for the re-booting and unplug the ethernet my PC is not able to connect with the cam and in particular also I don't find the cam in the attched devices of my router.

    I'm confused, I do n't think is an HW problem since somehow WIFI work (find the hotspot and with old F/W was more or less working..)could be a router setting?
    I tried with all the kinds of enchryptions..

  3. @alberto76
    I compiled some popular causes in this post. The bottom line is: keep everyting simple and short, from AP name to encryption key. Long keys, long Access point name and symbols in them are the most likely sources of such troubles.

  4. Thank you Bubba, I tried without encryption ( I live in the country side:))and my AP name was NETGEAR..
    In the meanwhile I'm seeking info on 360° also contacting the OEM that is the company reecam and aparently they are trying to answer me...
    Since I'm not really familiar I cannot understand how is possible that:
    a: scan works
    b: with older FW somehow was working
    c: with new FW doesn't work.

    Maybe is a FW problem, even if I used the one foscam suggested to use ( the size in bytes of file matched and I took it from the DX forum) and the flashing proceeded without issues.

    A question: do you think it may be possible/useful to flash again an older firmware?

    Thank you again.

  5. These ip cameras are all very similar in hardware and it is mostly the WebUI file that gives them a different look. The main hardware differences reside in the size of the flash memory, which is why some large firmware can brick a camera with small flash, and also the brand of the component, like the wifi module.
    Depending this, in some case, the channels above 11 cannot be used. Maybe another thing for you to check.
    Also, if your lucky enough to get a recent firmware directly from the manufacturer, that would be worth a try.

  6. Hello - bubbah and the others.

    I bought an IP camera from Dealextreme - it looks like

    But I have a problem with limited Wifi - it works just near router. And then I read on the bottom of your FAQ

    that this can be an antenna issue.
    Is there any additional information how to repair this. I'm a noob ... so sorry.

  7. @Iztok Grilc
    You will just need to unscrew the bottom plate (you have to punch through the warranty seal but you wouldn't return it for repair anyway) and remove it.
    It will then be quite easy to follow the wire from the PCB to the antenna connector and check if it's loose or damaged.

  8. Thank you, I will try next week (at the moment I'm on vacation) ...

  9. In my case the cable is connected to Antenna. I'm pushing with the manufacturer (reecam: about firmware confirmations and also opening a ticket with DX.
    I already opened the bottom. Do you think I breached the warranty?
    I also tried with low channels number in the router.
    Maybe I'd try to downgrade the firmare and reset completely the cam.

    It is sad that WIFI is not working since apart from this I think is a good product.

  10. @alberto76
    If you had to pierce a "warranty" sticker to unscrew the bottom, then it officially voids it. However, it is unlikely that you are willing to pay the shipping (often as high as the camera price) to return the camera, so just don't tell them and see how they (Dx or Reecam) can help. Maybe the Wifi card is dead and could be replaced somehow...

  11. I opened the camera, but I didn't find nothing suspicious with antenna ... After that, I tried again. Nothing changed - Wifi worked, but just a meter from router. When I go a meter and half, it stops. I really don't have any more ideas. I also tried other antenna, but all the same.
    Will changing the firmware (i read that it is dangerous procedure) helps?

  12. I don't think that changing the firmware will do anything to this. It looks like a range/antenna problem since it works beside the router (which also rules out a defective wifi module actually). Tempering with the firmware will only make thinks worse here.

  13. if you have running a pc or server at home: STunnel is a good solution to add SSL to the IPCams.

    relevant section of config file:

    accept =
    connect =
    TIMEOUTclose = 0

    accept-IP is the IP of the pc, connect-IP is the IP of the cam.

    regards, Josy

  14. Multi-vendor IP camera web interface authentication bypass

    Vulnerability Note VU#265532:


    The web interface firmware for Foscam and Wansview H.264 Hi3510/11/12 IP cameras contain an authentication bypass vulnerability. Other vendors that share the same base firmware image are also vulnerable.


    It has been reported that the web interface for IP cameras from several vendors including Foscam and Wansview contain an authentication bypass vulnerability. By visiting specific URLs, an attacker may be able to perform any function a normal user can. The admin password is also leaked through client side Javascript.


    A remote unauthenticated attacker may be able to execute any command available to the web interface including full administrative functions.


    We are currently unaware of a practical solution to this problem. Please consider the following workaround.


    I have created a test tool to help determine if your H.264 camera brand and model are currently exposed to this, since there are many brands and models that are.

    Note: I reported this issue.

    This is why I took the time to create a tool to test for it being present. There maybe firmware released to fix this problem, if your camera is found to have it. New firmware is required to fix this issue.


  15. Hello,
    I have Unidentified IP Camera, please help. It looks exactly like Foscam FI8908W BUT: there is a pin hole on the front (mic hole for better sound), there is NO I/O alarm input, and in settings there is: Device ID MEYE-008640-FFBFF, Device Firmware Version, Device Embeded Web UI Version

    Does anybody knows what is this piece of HW?


    1. I have a SriCam P2P with that firmware and with MEYE-...

  16. continue... the camera looks exactly like wanscam JW0008...

    1. It is almost certainly a SRICAM AP001:
      They have that very same firmware version available for download on:
      and they use MEYE-000xxx-xxxxx as free P2P.


  17. You are right! Genius... can you recomend THE BEST surveilance DW for those types of cams? I tried iSpy but it has no free remote (over internet) access. I need correct PTZ, recording and remote access.

    1. I published an article with some apps (it's a bit outdated)

      BlueIris or WebcamXP are good software. I personally use Surveillance Station from Synology. It's good but each camera license cost almost the price of an actual IP Camera.

      Sricam is probably a OEM clone of some better known manufacturer, Maygion, Foscam, Wanscam,...
      You'll have to try various brands and models when evaluating BlueIris, WebcamXP, find out which one works.

  18. Thank you. Last question. Are there some outdoor PTZ cameras as cheap as foscam/wanscams etc. ? Indoor models may reach price about 35USD. Outdoor models are about 100USD. It seems to be too much for a few more plastic.

    1. I've got this one outside under the porch for about for 3 years and still working, it was around 50$. Not really weatherproof though:

      A real outdoor device with HD 720p, + PTZ + Wi-Fi can be found from 95$, like this one:

      Can really comment on their quality as I didn't try any yet.

  19. SRICAM AP001 - is it possible to turn off LED diod in the front?

    1. Maybe. Try the first trick explained here:

    2. NOPE it only asks me for user and password

  20. please help with the led disable on sricam AP001 cant disable want user \ pass that dont have it

    1. Add the user´s name and password at the command line.http://xx.xx.xx.xx/set_misc.cgi?led_mode=2&user=admin&pwd=password (type in your password)

  21. i can change the value of led_mode to 2 but its not working
    just 0 and 1 working always on or flashing.
    this is the good link to do that


  22. Last minute information on SRICAM AP001. Just talk with manufacturer support. There is no way to turn led off, just blinking or steady on. Other way to change the activity led status is going to web cam settings, then PTZ setting , turn SIGNAL on or off. Again no way to turn green led completely off


Note: Only a member of this blog may post a comment.

Post Top Ad