Security camera recommendations, alternatives to Ring

[+Warwagon MVC]

3 minutes ago, BudMan said:

No that is not true at all.. Are the users to blame for many issues sure!!  But when the options are not even their for the educated to use if they wanted to.. Its not like the application asked hey do you want to exchange info in the clear or secure, etc..

When ring came up their security did they never once have a "Gibsonian response" to their practices?

[jnelsoninjax]

3 minutes ago, BudMan said:

No that is not true at all.. Are the users to blame for many issues sure!!  But when the options are not even their for the educated to use if they wanted to.. Its not like the application asked hey do you want to exchange info in the clear or secure, etc..

 

These iot cameras sharing code without  proper security audits of their own - who do you blame for that?  back door logins, etc. etc.

 

These companies do need to be held accountable for the security of their products.. If the user reuses passwords, that is on the user.. But flaws in basic protocol use is not the users issue..

So would you say it is 50-50? The company is at fault for not providing a more secure product and the user is at fault for not understanding the basic concepts of security, and not using the same password?

[+BudMan MVC]

Name one iot device that supports wpa2-enterprise?  Or 802.11w?  They do not have to be enabled out of the box - but JFC give the user the ability to turn such features on!!  Then if not in use the company can say - hey not our fault the idiot user did stupid ######!

 

edit:

Is it 50-50.. To be honest would lean more toward 60-40, 70-30... Company needs to provide documentation to why you need to enable 2fA, etc.  Why you should isolate your vlans.. I know for sure the general public is like herding cats when it comes to being secure.. But many of these companies don't even try, or even give the tools to the users to do better security if they want to... 

 

Take plex for example - how long have users been screaming for 2fa, yet to be an option... But F me if they didn't spend lots of development time on adding ###### to your library with ads in it!!  So they can make more money.. And is it opt in, no its default!! And the user has to turn it off if they don't want to see it..

 

The overall problem to be honest - is security sucks!  It makes it harder to do what we want!  And users want easy, and simple and they sure and the F do not want to be bothered with 2fa, etc..

 

What these companies should do is say look here - we offered every possible security protocol there is.. This is all the latest ###### that you can do, if the user didn't turn it on - that is not our problem!!  But not offering it as option is on them.. If user mistakes bring that to the spotlight, then I say good for user errors!

 

Its not like you have to hire top of the line security guys and spend millions on security issues... You can have people find holes in your ###### for pennies... Just have a bounty program... Hey point out where we F'd up and get X dollars.. You will have all kinds of people looking at your app trying to exploit it..

[+primortal Subscriber²]

Just adding my $.02 here.  I’ve been using, https://www.amazon.com/dp/B07KWNMB8Z/ref=cm_sw_r_cp_tai_ORucEbGN9CZWZ with 365-day battery life with no issues.

[+BudMan MVC]

That look interesting for sure... But that is a bold claim to be sure.. there has to be a like 365 days of 10 minutes a day sort of recording..   There is no freaking way that can stream video for 365 days on same battery without charge.

[+Warwagon MVC]

1 hour ago, BudMan said:

That look interesting for sure... But that is a bold claim to be sure.. there has to be a like 365 days of 10 minutes a day sort of recording..   There is no freaking way that can stream video for 365 days on same battery without charge.

I was just going to say the same thing. Even 10 mins a day for 365 days would be impressive. That would be 60 hours of video recording on a single battery.

[+Warwagon MVC]

1 hour ago, BudMan said:

What off the shelf wifi routers even support vlans for example?  Its not like it would cost them anything to have the option available - ###### ddwrt can enable actual vlan support on much of the soho hardware..  But why do all these high end mesh products not even support such basic features?  Why do iot devices not support enterprise or 802.11x, etc. etc.

Well, almost every router supports guest wifi, and assuming it's segregating devices properly put IOT on that.

[+BudMan MVC]

NO guest network is NOT the same as vlans... Not even close!!

[+primortal Subscriber²]

3 hours ago, BudMan said:

That look interesting for sure... But that is a bold claim to be sure.. there has to be a like 365 days of 10 minutes a day sort of recording..   There is no freaking way that can stream video for 365 days on same battery without charge.

It’s all motion activated, not constant recording.  Yes, trees and bushes moving because of wind will trigger the camera for A 20 second recording but setting up “activity zones” limits the false-positives. Also the amount of time of live viewing will affect the battery life.  I have 2 cameras that last about 320 days before a recharge.

[+BudMan MVC]

9 hours ago, primortal said:

Also the amount of time of live viewing will affect the battery life.

And how much live viewing do the batteries give you?  Have you tested that?  Curious..

[+Warwagon MVC]

11 hours ago, BudMan said:

NO guest network is NOT the same as vlans... Not even close!!

Never said it was the same same as vlans. But it is built into most routers and a guest network is better than nothing.

[+BudMan MVC]

Sure but problem is while that lets billy bob your guest use the internet... It doesn't allow for you to actually isolate your iot stuff and allow for any sort of pinhole access... So for example your roku device to access your plex server... It might work via a nat reflection and using the public IP... But its going to cause all kinds of issues when your plex server is saying you can access me via IP X, and the roku is on that X network via ip and mask, but can not talk to it, etc etc..

 

While sure its better than nothing, its pretty useless if trying to allow for specific connectivity securely...

 

Why not just allow for vlans?  Users don't have to turn them on if they don't want to, etc.

[Joe User]

18 hours ago, BudMan said:

Great point!!   But somethings you can blame them for - exchanging login info over clear.. This is just bonehead not thinking.. saving some money that they didn't think through..  If the only way you could set the device up was over a wire connected to the device.. Ok... But when your going to send it over wireless that could be sniffed.. And that can be forced to redo - that is not looking out for best of bread security or possible issues, etc.

 

In theory... I could sit out on the street.. deauth the ring, and wait for the owner to redo their wifi.. Now I have access to the wifi, etc. etc.

 

Do the rings support say 802.11w?  Do they support wpa2 enterprise vs just psk?

 

If you want to state your security is best of breed, then you should support all the latest and greatest protocols.. even if the user doesn't enable them and enabling them by default might cause problems... I just wish these companies would stop shaving pennies and allow the users that want to secure their ######, actually secure it.

 

What off the shelf wifi routers even support vlans for example?  Its not like it would cost them anything to have the option available - ###### ddwrt can enable actual vlan support on much of the soho hardware..  But why do all these high end mesh products not even support such basic features?  Why do iot devices not support enterprise or 802.11x, etc. etc.

I agree with you, especially about the login info and the need to add advanced security.

 

I also understand that the deauth situation chance is near zero for the average joe user and if someone is that dedicated to breaking in to your WiFi, you have much more to worry about. 

[+BudMan MVC]

deauth attacks or pretty freaking simple - for sure the 12 year old living next door can use google and accomplish it

[Joe User]

13 minutes ago, BudMan said:

deauth attacks or pretty freaking simple - for sure the 12 year old living next door can use google and accomplish it

Have you seen the range on these doorbells? They usually can't make it to the living room. Only time I would worry would be in an apartment building.

 

[+primortal Subscriber²]

9 hours ago, BudMan said:

And how much live viewing do the batteries give you?  Have you tested that?  Curious..

Not to the extent to measure how long the battery will last.    On average week I spend about 10-15 minutes of live streaming.

[Joe User]

On 12/30/2019 at 1:08 PM, BudMan said:

deauth attacks or pretty freaking simple - for sure the 12 year old living next door can use google and accomplish it

Just to clarify, Even with the range limitations, I'm not saying it isn't an issue, it's very much an issue and absolutely shouldn't have been there in the first place.  However, they did patch it, so that's better than many IoT companies.

 

[Forum staff Moderator]

This topic was automatically locked because it did not receive any replies for a year. If you want to have this topic reopened

• please contact any staff moderator or
• report the first post of the topic with the reason why it should be reopened.

Thank you.