
Security Analysis of a Cheap Chinese IoT WiFi Camera - milankragujevic
https://eriknl.github.io/reverse-engineering/2017/09/07/WiFi-camera.html
======
milankragujevic
I had that camera, and got root access in 30 seconds (user: root, password:
[blank] in my case, it was DOG-1WNEW)

[https://i.imgur.com/jZYxETN.png](https://i.imgur.com/jZYxETN.png)

I returned it to the store for a refund. No way such a thing is going anywhere
near my network or my home.

Also, it seems the manufacturer Cylan has not learnt anything, as new models
also have gaping holes: [https://github.com/offensive-security/exploitdb/blob/8cbfa5d...](https://github.com/offensive-security/exploitdb/blob/8cbfa5df7f3b17199106a2ddf4804b5778516f27/exploits/hardware/webapps/46993.txt)

Shenzhen Cylan Technology Co., Ltd -
[https://www.crunchbase.com/organization/shenzhen-cylan-techn...](https://www.crunchbase.com/organization/shenzhen-cylan-technology-co-ltd)

The offending camera: [http://www.jfgou.com/camera/camera-wifi2/](http://www.jfgou.com/camera/camera-wifi2/)

A teardown: [http://sirlagz.net/2017/11/20/reject-shop-special-home-secur...](http://sirlagz.net/2017/11/20/reject-shop-special-home-security-wifi-camera-teardown/)

------
Uninen
I'd be interested to know if these types of cheap cameras are safe to use after
fixing / replacing the default firmware, or does the hardware itself have some
kind of backdoors to allow easy exploits even if the firmware is updated?

~~~
grawlinson
It's common practice to put these devices on their own VLAN that is completely
isolated from network access, except for the controller device (NVR, etc).

I'd consider these items completely and utterly unfit for purpose, even those
from branded manufacturers.

~~~
milankragujevic
Well, AFAIK, the so-called Cloud cameras that don't require (nor support) an
NVR must be allowed to call home, whether for setup or regular functioning.
They don't do anything inside the LAN. That way they can be easily watched
from anywhere, as they don't require open ports on the router, and can work
even behind CGNAT. The obvious downside is the video is sent to the company's
servers, and given how cheap the device is and how expensive storing and
streaming video is, you can bet they're monetizing it somehow...

