Subscriber Discussion

Cloud Storage And Chinese Cameras

UM
Undisclosed Manufacturer #1
Feb 16, 2016

I'm curious to get everyone's thoughts on the security concerns of cloud storage, especially related to Chinese manufactured cameras. There are thousands of cameras being sold into the U.S. all promoting they enable users to view live high-definition video on a smartphone from anywhere they have internet access. These cameras work by uploading video to an unknown server somewhere in the world. The companies owning these servers have access to all this video. In the case of Chinese manufacturers, there is also the possibility that the company is actually owned by the government. There are now IP cameras being sold for under $50 and they are being placed in homes and businesses all over the world. Are there any regulations on these companies? Do you think the normal person who is purchasing these cameras and placing them in their homes realizes that all their video can be monitored and accessed even though they have created a password on the unit? It just seems that we are exposing a lot of vulnerable information and there doesn't seem to be much discussion related to the security concerns related to another government having access to all this information.

U
Undisclosed #2
Feb 16, 2016
IPVMU Certified

...concerns related to another government having access to all this information.

More people might be concerned about our government having access to all this information. Because it is more likely be used against you, no?

But really, what do you suppose China will do with all our home videos?

Figure out our street addresses and daily habits and then break into houses one by one?

Read bank statements from across the room using super resolution?

Play propaganda using subliminal audio?

Anyway, let's say they did that.

Wouldn't the government just block the IPs that the cameras use, assuming we caught on?

Anyway, what makes you think you can escape Chinese written firmware on your home LAN?

List your devices please.

(1)
UM
Undisclosed Manufacturer #3
Mar 05, 2016

The way these cameras works is P2P - Peer to Peer. The manufacturers including Dropcam, use self-hosted / AWS / Alicloud (Alibaba Cloud) / Google Compute / Azure servers running the P2P code. Each camera that these guys are selling have an ID. The P2P server information is hard-coded in the camera firmware, so the camera knows which server(s) to look for. The whole concept of P2P is to just establish an authenticated connection (secure tunnel) between the client and the camera / NVR / DVR. So you never need a static IP, DDNS, Router NAT Traversal etc.

Once you start recording on the cloud after authentication, that's where the privacy issues crop up. Who would you trust more? Dropcam vs Hikvision?

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions