John747

Anyone concerned about putting password in Hikvision app


I'm just wondering if anyone has concerns about putting their camera logon into the Hikvision android app. For now I've been using the IP Camera Viewer app but I think the Hikvision (ivms-4500HD) app may be better. Little worried the app could collect logons and ip


I'm just wondering if anyone has concerns about putting their camera logon into the Hikvision android app. For now I've been using the IP Camera Viewer app but I think the Hikvision (ivms-4500HD) app may be better. Little worried the app could collect logons and ip

You are paranoid... why do you think Hikvision is more likely to do it than ipcamviewer (which is a great app)...

If you are overly concerned, use a VPN and don't port forward anything.


Most people install apps that give away all their personal phone information on their phone. How do I know? I've been in the business of capturing this sort of data for years. Same with Facebook. The information gathered, typically for marketing purposes, is so staggering they built trade shows around just where to store and how to analyze the data. There is even a new class of databases called graph databases that allows companies to analyze your relationships with others by using your phone list, your Facebook friends, your call patterns. Then they use sentiment analysis to analyze text messages you send and Facebook posts. The combination of the two is used to determine how happy, sad, mad you are and what other people you influence, to determine marketing strategies. And all of those are the good guys; imagine what the bad guys can do with the information: geo tracking, phone lists, text messages, pictures on your phone. Maybe they heard of a new camera system you installed, a cool new 80" 4K TV, a vacation you are taking. All because you wanted a simple app to make your phone a flashlight or play a game.

 

And you are worried about a government run camera company in communist China getting this information. Good for you standing up the new age of Big Data.

I'm just wondering if anyone has concerns about putting their camera logon into the Hikvision android app. For now I've been using the IP Camera Viewer app but I think the Hikvision (ivms-4500HD) app may be better. Little worried the app could collect logons and ip

You have every right to be concerned about security issues. It has nothing to do with "paranoia" and for sure I wouldn't stick "My Head In The Sand" because social media sites collect user demographics.

 

Both of those comparisons are not even in the same class as being careless with devices that can be remotely accessed.

 

1. If/When possible. Never access IP Cameras remotely or via any "Front-End" remotely from a device using HTTP access methods over anything but very trusted and secure Internet connections. To do otherwise is asking for trouble. Especially more so when using administrative level access User credentials. Most IP Cameras and/or their front-ends, now support HTTPS access methods.

 

I am more than amazed that many IP Camera owners who went out of their way to protect their property with IP Cameras use HTTP access methods to remotely access IP Cameras that support HTTPS access methods. I guess, once your property is protected. No need to worry about much of anything else.

 

2. Never when possible port forward the IP Camera's HTTP port or any other IP Camera ports besides the HTTPS port and any video port required to access the IP Camera remotely. If you're using a front-end like an NVR, NVS, CMS or other front-end that requires port forwarding. Use the same logic. Never access that front end when possible, using HTTP Access methods.

 

3. You should be able to create a User Level. Like an Operator level User id that can do most things remotely, but doesn't expose User credentials that if breached could expose IP Camera configuration data like stored FTP/Email User credentials or allow the IP Camera's firmware to be modified. For most of your remote access needs. This avoids always exposing administrative User level credentials when using remote access. Why always dig a hole in your yard while being dressed in your best suit. You could, but how smart would it be?

 

This is not so much about simply having an IP Camera exploited as it's about someone gaining administrative access to the IP Camera or front-end for those IP Cameras. Which they then could abuse as an example to gain access to any User credentials for say FTP/Email accounts stored in the configurations of same.

 

IMHO. If you have any User credentials like that stored in the configuration data of devices like that. You should make sure that as an example the FTP User Id is restricted to a subset of folders and does not have root access. In a perfect world it would be also best to have a different Email account when Email user credentials are stored that is IP camera specific. With no other Emails that may contain personal data that could be used for Identity theft purposes. If those IP Cameras or front-ends were ever breached.

 

There are few ways to set up a VPN correctly and many ways to set up VPNs which will expose you to more possibilities of being exploited before you ever even used a VPN.

 

Even if you only include cameras in that VPN. If they are exploited with malware. They can end up infecting many other devices on your own network as well as networks you access that VPN from. For sure, you would need to consistently use much more due diligence than you may be prepared to do when operating and maintaining a VPN properly.

 

IP Cameras even complicate the activation of a VPN more than usual. Many IP Cameras have ports and default User credentials for those ports that while they may not be in the public domain. Many know what they are. If the VPN became breached. It would be very easy to use those IP Camera ports and those default User credentials to exploit those IP Cameras. Making you less secure than when you never were using a VPN. If/When that VPN became breached.

 

It's not a stretch to see this Router/AP exploit being modified to run in Linux based IP Cameras or their front-ends soon. In fact, I would be rather amazed if it is not already at least being tested and played with at this time:

 

http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/

 

So, if a VPN becomes breached. Default ports and their default User credentials can instantly and very easily be abused ("Remotely"). Had that VPN not been activated. Then those ports would not have been available to exploit ("Remotely"). If only the IP Cameras or front-ends were only port forwarding the HTTPS and video ports ("Without a man in the middle attack or some other HTTPS exploit") or key logger like exploit or firmware exploit. Even then, if you were using an Operator level User Id when this happened. It would in most cases, not instantly allow administrative User level access with only port forwarding in place.

 

While it's important to worry about if the User credentials stored in a device used to access your IP Cameras remotely are secure. It's equally important to not lose sight of how those User credentials are transported when using them, for those devices as well. You could do everything right to protect that data stored in that device and everything wrong on how that data is used when sent to the device it's meant for. So, both things need to be addressed. Not just one of them.

 

It's never a bad idea to see if you can locate software for a specific device that will show and log access from/to that device. In many cases you can locate free software that can do this. The same can be done with Router/APs to see what devices are receiving/sending data and on what ports. One does not need to always run this type of logging. But it's a good idea to do it from time to time to see if you see any unusual access. Otherwise, there very well may be other things going on that you don't know about. Including potentially malware running on a device that's not been located yet.

 

Being concerned about how remote IP Camera access or accessing any normally LAN restricted devices remotely, can and does impact your security. Is far from being foolish.

 

Don

Edited by Guest
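
Added example, not part of any post in this thread: a small Python sketch of the periodic log review described above, flagging internet-side connections to a camera on anything other than the forwarded HTTPS and video ports, plus any connection the camera itself opens to the internet. The camera address, the LAN range, port 554 as the video port, and the router log format are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions for this sketch (not from the thread): camera address, LAN range,
# allowed forwarded ports, and a simplified, constructed router log format.
CAMERA_IP = "192.168.1.64"
LAN = ipaddress.ip_network("192.168.1.0/24")
ALLOWED_INBOUND_PORTS = {443, 554}  # HTTPS plus an assumed RTSP video port

LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
Jan 08 20:01:11 router conn: SRC=203.0.113.7 DST=192.168.1.64 PROTO=TCP SPT=51514 DPT=443
Jan 08 20:01:15 router conn: SRC=203.0.113.7 DST=192.168.1.64 PROTO=TCP SPT=51520 DPT=554
Jan 08 20:03:42 router conn: SRC=198.51.100.23 DST=192.168.1.64 PROTO=TCP SPT=40022 DPT=80
Jan 08 20:04:09 router conn: SRC=198.51.100.23 DST=192.168.1.64 PROTO=TCP SPT=40031 DPT=23
Jan 08 20:05:30 router conn: SRC=192.168.1.20 DST=192.168.1.64 PROTO=TCP SPT=50100 DPT=80
Jan 08 20:06:02 router conn: SRC=192.168.1.64 DST=192.0.2.99 PROTO=TCP SPT=39000 DPT=8000
"""


def review(log_text):
    """Return (reason, remote_ip, dest_port) tuples worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not connection records
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        dpt = int(m["dpt"])
        if str(dst) == CAMERA_IP and src not in LAN:
            # Internet-side access: only the forwarded HTTPS/video ports are expected.
            if dpt not in ALLOWED_INBOUND_PORTS:
                findings.append(("inbound-unexpected-port", str(src), dpt))
        elif str(src) == CAMERA_IP and dst not in LAN:
            # The camera opening its own connection to an internet host.
            findings.append(("camera-outbound", str(dst), dpt))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

LAN-to-camera traffic on port 80 is deliberately not flagged here, since the advice above concerns what is reachable remotely.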


Wow, that's a lot of useless dribble when the OP's question was totally unrelated to your explanation... The OP was questioning using the Hikvision app as opposed to ipcamviewer... his concern was that Hikvision was secretly recording login credentials.

As an aside, using a VPN is extremely secure and exposes the user to no more risk than when the phone is logged on to their home network.

Wow, that's a lot of useless dribble when the OP's question was totally unrelated to your explanation... The OP was questioning using the Hikvision app as opposed to ipcamviewer... his concern was that Hikvision was secretly recording login credentials.

As an aside, using a VPN is extremely secure and exposes the user to no more risk than when the phone is logged on to their home network.

I could go into more details on the downsides of implementing VPNs the wrong way. As I am sure others here are also capable of explaining to you, those potential downsides.

 

But I don't play well with people that insult me with ignorant comments with no valid reasons to do so. So, I will wait for those who might wish for more details or for others here. To help you better understand those downsides.

 

But, thanks for sharing that you feel that using a phone within a local network is equal to using that same phone, with a VPN and remote access to access devices normally restricted to LAN access only. Is not creating any additional security risks, of any kind, when/while doing so.

 

Don


Overloard,

Thanks for taking the time to post. Very informative. I think there is a difference between paranoia and recognizing vulnerability. Boogieman's point is valid though, both apps have similar vulnerabilities. After reading the book Stonewalled I think differently about net security even though I don't see myself as a target for any legitimate reason.

 

http://www.amazon.com/Stonewalled-Obstruction-Intimidation-Harassment-Washington-ebook/dp/B00HLIYWA8/ref=sr_1_1?ie=UTF8&qid=1420747811&sr=8-1&keywords=sheryl+atkinson

Overloard,

Thanks for taking the time to post. Very informative. I think there is a difference between paranoia and recognizing vulnerability. Boogieman's point is valid though, both apps have similar vulnerabilities. After reading the book Stonewalled I think differently about net security even though I don't see myself as a target for any legitimate reason.

 

http://www.amazon.com/Stonewalled-Obstruction-Intimidation-Harassment-Washington-ebook/dp/B00HLIYWA8/ref=sr_1_1?ie=UTF8&qid=1420747811&sr=8-1&keywords=sheryl+atkinson

You are very welcome.

 

My point about using a VPN is that it's not some "Magical" solution or "Secret Sauce" to more secure remote access. With nothing more to do, than to simply turn it on.

 

There are correct ways and very many incorrect ways to implement and manage a VPN, as an additional security layer. Doing it the wrong way can very well open you, and networks you access that VPN from, to many more security vulnerabilities than you and those networks had without that poorly implemented VPN being activated and used.

 

I'm just wondering if anyone has concerns about putting their camera logon into the Hikvision android app. For now I've been using the IP Camera Viewer app but I think the Hikvision (ivms-4500HD) app may be better. Little worried the app could collect logons and ip

You are paranoid... why do you think Hikvision is more likely to do it than ipcamviewer (which is a great app)...

If you are overly concerned, use a VPN and don't port forward anything.

If someone needs to make ignorant comments about bringing that fact up. After they themselves suggested using a VPN ("With no suggested details on how to go about that"). Well, I don't have the required training to deal with their issues causing them to need to do that.

 

Don

I'm just wondering if anyone has concerns about putting their camera logon into the Hikvision android app. For now I've been using the IP Camera Viewer app but I think the Hikvision (ivms-4500HD) app may be better. Little worried the app could collect logons and ip

 

If you're worried about the mobile app then you really don't wanna use their http://www.ezviz7.com/ solution.

 

Once the cameras call home they could have complete control of your camera and video


If you're worried about the mobile app then you really don't wanna use their http://www.ezviz7.com/ solution.

 

Once the cameras call home they could have complete control of your camera and video

 

I'm no networking expert by far and for a while I kinda enjoyed setting up my home network but after a while it gets to be a pain in the a$$. I seem to have enough experience that at least part of the time I can recognize that there is a security issue even if I don't understand it. To get started with the security cameras I bought a wireless Dlink. To set it up and use their mobile app, they want me to make an account on their web site with all the camera info and the logon for my router. Yes, it makes it easy to set up and I hope Dlink keeps the info secure, but I'm not going to expose my network to that risk. Works fine with my Synology and Security Camera Viewer.
