Is a P2P IP camera a network security concern? Part 2

…  Continued from Part 1

P2P IP Cameras from prospectives of typical user

IP camera with remote / mobile view and access is a wonderful idea and a great tool for achieving security recording,  management, and for peace of mind, but how many of us consider the other aspects not so loudly advertised by manufacturers and suppliers?

Details which unfortunately might turn a peace of equipment bought with the purpose for increasing the security level at the place, to become  a part of a vast cloud service which might share its picture and videos far and wide!

When we see “P2P” view and access support, the thrill is about “easy to use” and “No Configurations necessary!” but still – for any network device to connect and be accessible across the internet, it’s services  apparently opens some communication ports automatically (by default). This means that certain routes and ports are open through user’s router and firewall (at camera side) and information packets are flowing through.

The more disturbing facts are that most of those services  are enabled by default without granting any particular details or asking for user’s permissions, and the worst part is that for those services are resistant to switching them back off without involving some skilled network security procedures.

In summary, what are the most common issues here:
  • P2P services are based on “Cloud Based” servers where user’s big data is processed and stored; There are interesting comments all over internet about some examples referring to entities handling such data.
  • User registration process usually requires email transaction for password verification. Of course this is technically normal but one should keep in mind risks of hacking if a prime email address which controls user’s essential information like bank accounts, recovery of administration to other systems, identification details etc. It is recommended use of email address which is limited for the security cameras only.
  • Pre-made Applications usually require allowing to many functions and sections of user’s mobile device, including contacts, microphone, cameras, location details, storage, processes etc;
  • Increasing of network traffic after installing such P2P host within the network, even at times when no active streaming is initiated or required;
  • Cameras and devices are reluctant to accept settings turning those services off, even if so is exclusively requested by the user;

Network administrators and skilled users often notice automatic opening of certain ports of the network firewalls and strange traffic flowing to worldwide destinations typically associated with countries of manufacturers of the hardware or Cloud Service Providers. Logical questions arise about the levels of confidentiality, safekeeping and policies  (refer to some examples) about collecting of stored information and it’s ethical handling.

One of the examples refers to a lengthy discussion thread on a support forum of a Chinese security cameras manufacturer. The user who started the thread had notices very unusual communication traffic from his network after adding the IP camera. Many similar experiences are shared by users after adding other P2P devices like home plugs, smart automation controls etc.

The thoughts which are sketched out above are probably lead to further related  logical questions, like:

  • How insecure is my security system?
  • Cloud Services – can they surprise us with some cold rains?
  • My own data – to whom does it really belong?

and many more….

  To Be Continued………..

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *