The ONLY app that could now be invoking the connection was the Chinese "WansView" camera viewer/management app. Once again, I saw my phone trying to connect to a bunch of public IPs all from a range beginning with " 117.50". Nothing else talks on the interface " WLAN12" other than the cameras and my phone running their app. 3) Start the iPhone app " WansView" while watching the app start and and see what it and the cameras attempt connections to. Testing Methodology: 1) Close all apps on iPhone. That design cannot be achieved if you break the encrypted backchannel to China from the iPhone running the App. Otherwise, being security cameras they were to be ring-fenced from the 'net. To view them outside the local network, I an IPsec VPN connection would be required. My security design was that these cameras can only talk and be reached on a local (non-Internet routable) RFC-1918 address. Alarmed, I decided to do a proper test to exclude anything else opening that connection other than the Chinese camera app.
Watching the traffic on the interface I saw that my phone was trying to open an HTTPS connection to a Chinese IP address. If you block it, it breaks connectivity between the cameras and the management app on the iPhone. Well, I found the reason why the app couldn't connect to the IP cameras: the camera app has a dependency on an HTTPS backdoor to China. So I took a closer look at the traffic on the IP Camera subnet. I thought: That's odd: my phone is on the same subnet as the cameras and I poked the necessary holes for everything to talk on. Oddly though, the app on my iPhone could not connect to them. Nothing but those cameras and my iphone running the management/viewer app are connected to that subnet. If you have Chinese IP cameras in your home or workplace, I suggest you read about my experience with them.īeing anal about IT security, after buying (4) Chinese IP cameras- which have not only video but two-way voice- I setup a separate wireless subnet for these thingies to live in to isolate them from the rest of my network. UPDATE: Almost a year to the day of writing this article, the world's largest IP camera company is now banned BY-LAW in America and I've coded an opensource solution called " open-ipcamera" which provides enterprise-class motion detection cameras with 100% certainty no third-parties have a backdoor into your cameras:
0 kommentar(er)
