Wireless IP camera - how secure is it from unauthorised access

Forums › Home Workshop DIY › Wireless IP camera - how secure is it from unauthorised access

paulchinnz

Circumspice
793 posts

Ultimate Geek

Trusted

Lifetime subscriber

#255504 14-Aug-2019 20:32

I've just got a wireless IP camera (SANNCE Home Security IP Camera) in my home garage to solve a classic 'external' access garage question of 'did I close the garage door'.

It's connected to the wifi (fritzbox using WPA2 network key).

The app associated with the camera (Joylite) shows the camera's view of the garage, live, regardless of what network my phone is connected to (mobile network 4g, my work's wifi etc). I haven't set up any port forwarding.

So I no longer have to head outside to have a look at the garage.

But the spectre of another problem has arisen: is my camera another netcam that's on the likes of shodan.io and viewable to the world??

timmmay

20574 posts

Uber Geek

Trusted

Lifetime subscriber

#2299446 14-Aug-2019 20:36

Don't make the camera available on the internet, make it available only on your LAN. Set up a VPN from your phone (or anywhere else) to your Fritzbox, effectively putting your phone on the LAN, where you can securely view the camera. I say how I did it in this thread.

paulchinnz

Circumspice
793 posts

Ultimate Geek

Trusted

Lifetime subscriber

#2299448 14-Aug-2019 20:44

Thanks

If I've understood correctly, those steps help to secure how my phone views the camera.

The next question: can any one else can access the camera as it is set up currently? i.e. without my phone.

By the way, I linked the camera to my phone by using the app on my phone to scan the QR code on the camera. Can anyone else view the camera without going through the QR code step?

timmmay

20574 posts

Uber Geek

Trusted

Lifetime subscriber

#2299449 14-Aug-2019 20:46

You haven't fully understood. You don't make your camera available on the internet, you just make it available on the local network. Cameras aren't automatically available on the internet, this has to be enabled by port forwarding or software built into the camera. Just keep it on the LAN, and get yourself remote LAN access.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2299467 14-Aug-2019 20:55

From the OP, seeing you didn't create any port forward then the camera should be safe.

From the OP description (app, no port forwarding) it seems the stream goes from the camera to the cloud servers and from the app to these same servers - similar to Ring devices.

davidcole

6029 posts

Uber Geek

Trusted

#2299472 14-Aug-2019 21:07

But even though that better than port forwarding or other things it could do. It relies on the cloud server being secure and maintained.

The only 100% way to secure it is not allow any internet access (ie block the camera from the internet). Which will stop the app from working.

Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight

timmmay

20574 posts

Uber Geek

Trusted

Lifetime subscriber

#2299475 14-Aug-2019 21:26

davidcole: But even though that better than port forwarding or other things it could do. It relies on the cloud server being secure and maintained.

The only 100% way to secure it is not allow any internet access (ie block the camera from the internet). Which will stop the app from working.

I have a wireless IP camera that works just fine on my LAN without any internet access - I blocked it at the router. If i want to view it externally I VPN into my LAN.

paulchinnz

Circumspice
793 posts

Ultimate Geek

Trusted

Lifetime subscriber

#2299476 14-Aug-2019 21:26

Thanks both.

timmmay is right that I haven't understood, but I understand now.

freitasm on to something - it depends on the security of the SANNCE cloud servers.

So those unsecured netcams generally have port forwarding set up?

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2299479 14-Aug-2019 21:30

paulchinnz:

freitasm on to something - it depends on the security of the SANNCE cloud servers.

So those unsecured netcams generally have port forwarding set up?

Generally, yes,

paulchinnz

Circumspice
793 posts

Ultimate Geek

Trusted

Lifetime subscriber

#2299483 14-Aug-2019 21:37

Thanks all.

@timmmay, I think the reason for my non-understanding is misinterpretation of your first post:

I read "Don't make the camera available on the internet, make it available only on your LAN. Set up a VPN from your phone ..."

as "Make your camera available only on your LAN by setting up a VPN from your phone..."

davidcole

6029 posts

Uber Geek

Trusted

#2299511 15-Aug-2019 06:27

timmmay:
davidcole: But even though that better than port forwarding or other things it could do. It relies on the cloud server being secure and maintained.

The only 100% way to secure it is not allow any internet access (ie block the camera from the internet). Which will stop the app from working.

I have a wireless IP camera that works just fine on my LAN without any internet access - I blocked it at the router. If i want to view it externally I VPN into my LAN.

Exactly. Sorry so if blocking the camera from the internet the app may or may not work locallly. But won’t by the internet unless you work out some sort of vpn access to your network