I like these devices as they are extremely reliable - sad thing is, after testing 18 of them including those from ADT & Yale, they all have the daily hard coded admin password issue - You can login as admin and if you have the daily password list, you type in the password that is relevant to what day of the year it is. Straight into setup, no other questions asked. Can be done via the main control port with the right knowledge - locking off port 80 and others may not help.
The only way to secure these devices is to use a firewall that can let in dyndns enabled phones - You need to run the dyndns client first on your phone, then the firewall will only let in devices that have that dyndns name. VPN's also work well but are much more problematic. pfsense is router software that uses older PC's and works well with this method.
If anyone knows of any DVR that they think is secure, I would love to know.
They all seem built with the same 'engine' which has the password issues.