Foscam Camera Vulnerabilities - Ouch


#1

I wonder if you people have seen the news reports of the vulnerabilities in many of the Foscam cameras, how many, 17+ or there abouts!
.
People have been told to disconnect them from the internet… Opps, Lucky we are running NCS :slight_smile:

John


#2

#3

This is why software like Netcam Studio is so important.

The foscam hardware is pretty good in fairness, and is good value, but this is because they are doing the bare minimum (and less than that) with regards the software. ActiveX controls, dodgy android apps, random pings to foreign servers, constant advertising of cloud storage for their app, etc

I have an outdoor foscam camera and I haven’t logged into the interface in more than a year. I set it to switch on IR automatically, disabled all UPnP, P2P and other features, and that’s it. As a dumb feed it is great. I hope I have myself covered in this regard.

I’ve a wansview indoor cam as well which I suspect is as shady as the foscam. Again, all features disabled other than providing a feed.


#4

Some of these chinese cams are a bit scary. I order a lot of them to do NCS testing but some do just register themselves on a kind of automatic dns service.

As i didn’t open anything on my router i though it would be ok and would not work but the camera just registered itself over upnp and it was really reachable on the address that is written on it from the external world so better to be careful and verify closely what can potentially be reached on your network especially with such low to mid-end hardware :slight_smile:


#5

I think the day when marketing of the cameras always started with CLOUD-something that day the security was lost. I was more important to get your sleeping baby or your cat or your dog or … up on your cellphone in 2 minutes than keep it secure.
-Henrik


#6

I have made sure all my cameras are blocked by the main internet router, and thus NCS is the best solution :slight_smile:Add it to your marketing!


#7

Thanks.
In ncs version 1.6.0 we are working on to increase security. Many user open up ncs to the public domain for their mobile devices and therefore the security must follow these interests.