
Cheap IP camera - freedom from the cloud

pixel7 9471 53
  • #31 20963392
    kris8888
    Level 39  
    tzok wrote:
    Janusz_kk wrote:
    to the network and I have "Xiaomi Mi TV Stick SMART 8 GB Media Player" plugged in
    You know this thing has a built-in microphone

    And what's the problem if this "something" also had access to the TV camera via the HDMI CEC connector?
  • #32 20963590
    analog_6
    Level 16  
    I am not alarmist, obsessed or anxious about the security of data on my home network.
    But what you write about security does not have to be even partially applicable.
    Of course, there are known techniques for isolating networks. BUT how can you be sure that it always works "to the end"?
    I would like to remind you that no one except the manufacturer knows how the device works. The fact that it has software that implements the described configuration rules does not mean that these rules are implemented fully in line with our expectations.
    Whether it's a VPN or even a modem with two separate WAN ports, what's the point if everything is powered by ONE microprocessor with one software. Literally anything can be sewn in there. And I'm afraid that, unfortunately, it sometimes happens.
    We may never know about it. Or we can find out about it when these mechanisms are brutally exploited on some occasion. The perfect break-in and break-in mechanism is one that no one knows about until it is used. We simply don't know about the best ones. None of us have heard of them and we can't read about them anywhere, because this information does not exist in circulation.
    The only almost certain solution is to PHYSICALLY isolate the network.
    Why does anyone need access to data on Jan Kowalski's network? I would like to remind you that we are quickly entering the era of widespread use of AI. You don't have to be a fortune teller to understand that AI algorithms equipped with residual data obtained from Jan Kowalski will be able to put together information that we have never dreamed of. From random innocent photos, emails, text messages, text documents. About us, about other people, about money, about power, about defense.
    I regularly hear the same stupid argument: I am a nobody, I don't do anything important, I have no money - IT DOESN'T APPLY TO ME. Yes, it applies to you, your family, your friends and the country you live in.

    The temptation for the manufacturer to leave a loophole or loopholes is also huge. I have serious suspicions that one of the leading microcontroller manufacturers has planted backdoors of unknown purpose in their products, at least those that are sufficiently advanced. I had 2 cases that I cannot explain otherwise, because from a technical point of view they were not supposed to happen. But I will not write about it any more, so as not to expose myself to any legal consequences, because it is a very serious accusation and I cannot provide evidence (repeat the operation). I just wanted to raise awareness that systems with hardware security do not necessarily guarantee code security.
  • #33 20963728
    Erbit
    Level 38  
    My colleague above wrote about holes in the software and about deliberate actions of producers.

    I certainly agree with my colleague about the first one, but not necessarily about the second one (but I also have no evidence that it doesn't happen). However, none of these arguments is a reason NOT to protect yourself. On the contrary - in today's world where even a refrigerator is connected to the cloud, such devices should be separated from the utility network.

    Even my children have their own network. I hope that my colleague understands what could happen if children found something from the Internet.

    Added after 1 [minute]:

    analog_6 wrote:
    I will not write about it any more so as not to expose myself to any legal consequences

    Please describe it without mentioning the brand.
  • #34 20963791
    Janusz_kk
    Level 39  
    tzok wrote:
    You know this thing has a built-in microphone

    NO :( you surprised me a bit.
  • #35 20964021
    kris8888
    Level 39  
    Specifically, the remote control for this wonder has a built-in microphone. Because the stick itself doesn't work anymore, I know because I recently repaired something like this for a friend.

    So it's better not to tell the remote too much about your secrets 😀

    I also have the impression that some smartphones are also "eavesdropping" on us. Lately, whenever I talk to someone about something, advertisements related to it pop up...
  • #36 20964048
    Erbit
    Level 38  
    kris8888 wrote:
    ...
    I also have the impression that some smartphones are also "eavesdropping" on us. Recently, whenever I talk to someone about something, then advertisements related to it pop up...


    I need to see what ads my wife sees ;)
  • #37 20964423
    analog_6
    Level 16  
    Erbit wrote:
    My colleague above wrote about holes in the software and about deliberate actions of producers.
    I certainly agree with my colleague about the first one, but not necessarily about the second one (but I also have no evidence that it doesn't happen). However, none of these arguments is a reason NOT to protect yourself. On the contrary - in today's world where even a refrigerator is connected to the cloud, such devices should be separated from the utility network.
    Even my children have their own network. I hope that my colleague understands what could happen if children found something from the Internet.

    No doubt, I already wrote about it on the previous page.
    Quote:
    analog_6 wrote:
    I will not write about it any more so as not to expose myself to any legal consequences
    Please describe it without mentioning the brand.
    This information cannot be isolated from a specific manufacturer. I can only say that through the regular serial port of the processor it was possible to change the content of the flash area, which was not only not supported by my software but, above all, was protected from everything by fusebits. And I am not able to repeat these cases because the serial port was fed largely random information for a long time, also not maintaining the baudrate.
    After analyzing everything and making sure that there was no obvious error on my part, I came to the conclusion that either there is an error in the core that is not described in the errata (I have come across such stories more than once) or the processor has a backdoor planted as a result of the company's cooperation with security agencies like the NSA. Certain indications show that similar actions have been in practice for several years.
    I have also had several or a dozen cases of memory corruption, but I always blamed it on strong electromagnetic interference (from mobile phones) when writing operations to unprotected flash or eeprom. However, there is no hidden meaning here.
  • #38 20967257
    bumble
    Level 40  
    tzok wrote:
    A VPN server with a fixed IP is a sure and constant target of attacks ;)

    Janusz_kk wrote:
    to the network and I have "Xiaomi Mi TV Stick SMART 8 GB Media Player" plugged in
    You know this thing has a built-in microphone ;)

    He has Alex too. Most TVs also have a microphone in the remote control. Your smartphone also has a microphone.
  • #39 20967318
    chemik_16
    Level 26  
    bumble wrote:
    tzok wrote:
    A VPN server with a fixed IP is a sure and constant target of attacks ;)

    Janusz_kk wrote:
    to the network and I have "Xiaomi Mi TV Stick SMART 8 GB Media Player" plugged in
    You know this thing has a built-in microphone ;)

    He has Alex too. Most TVs also have a microphone in the remote control. Your smartphone also has a microphone.

    No one collects data from microphones anymore - people don't talk anymore these days :) It's a waste of space for such metadata.
    All voice assistant projects are also reduced and not developed - they are not profitable (like Siri or Alexa)
  • #40 20967644
    kris8888
    Level 39  
    It's an interesting discussion, so I thought I'd ask about something that I haven't been able to figure out for some time, and maybe someone more knowledgeable would be able to explain it to me.
    Well, I have several smart switches and detectors at home, working in the cloud, communicating via WiFi and managed by the Tuya Smart application. The Tuya Smart application has information about each device, including its Virtual ID, IP address (external, variable, currently assigned by the Internet provider's server), MAC address, WiFi signal strength. And everything would be fine, the detectors and switches provide the same external address, consistent with the address that also appears, among others, in the Speedtest application, except for one motion detector, which provides a completely different IP address. The first two octets of the address match, but the last two octets are completely different. Its address is from the pool of public addresses, it starts with 37. Also the other detectors and switches.

    I was already worried that this one detector might be accidentally connected to the neighbor's WiFi network, but no, it is visible in the list of devices in my router. Its MAC address matches, it even has an internal IP address assigned within my local network.
    Please note that I do not use VPN, VLAN or port forwarding in the router. I also don't have a permanent public address. I only use IPv4 in the router, IPv6 is disabled. When registering the detector in the network, like all the others, I entered the WiFi network name and password, I did not use WPS.
    I even tried to ping the other external address provided by this one detector, but it does not respond.

    I have already reset the detector twice and registered it again in the network and still the same thing. What is this about? Could it just be a software error in the detector and incorrect reading of the IP address by the application? Or is it a more serious matter?
  • #41 20967662
    Erbit
    Level 38  
    The most logical thing seems to be that it was once registered from this address (since you have a variable one) and now, regardless of which address it is registered from, it still shows the old one, i.e. some error in the cloud software.
  • #42 20967726
    kris8888
    Level 39  
    Well, that would be a bit weird, but possible. However, in the meantime, I also deleted and re-registered other detectors and switches, and after re-registration, all of them provide the correct, currently assigned external address from the Internet provider. Only this one sensor is a bit stubborn. But the fact is that all detectors and switches have their own internal memory and even after deleting them from the application, they remember their "personalized" name and perhaps also remember the last IP address from which they were registered.

    I still have strange problems with this detector, it registers to the cloud very clumsily, and sometimes it can falsely change the output state. I suspect its software is fake. I'll get rid of it sooner or later.
  • #43 20968276
    darekRD
    Level 14  
    analog_6 wrote:
    It was connected to the LAN, of course, but it did not have a configured gateway, which did not have an obvious address. And I was quite surprised when this disk started informing me about available updates... So...

    This case confirms my thesis that despite the efforts of the most advanced IT nerds, we will not be able to protect ourselves from an attack in the "W" hour. We are not able to disassemble the software of all imported equipment or its updates, which, as you can see, can be downloaded without our help and probably knowledge.
    Maybe all this imported equipment has a code embedded in it that will respond to some command sent from the Far East by firing the CPUs or blocking them? In this way, the entire country can be turned down and darkness and silence will fall.
  • #44 20968451
    Erbit
    Level 38  
    darekRD wrote:
    This case confirms my thesis that despite the efforts of the most advanced IT nerds, we will not be able to protect ourselves from an attack in the "W" hour.


    I do not agree with you. Perhaps at your level of understanding the problem you see it this way, but you are wrong.
  • #45 20969155
    analog_6
    Level 16  
    After quite a few years of happy sales of subsequent generations of processors, it turned out that you can mess with Intel's BIOS.
    Did anyone know about this all this time? Or maybe no one?

    Of course we can't. There is an endless amount of network equipment being created, and each of them has several versions of official or unofficial software. Often of unknown origin, downloadable from various, more or less (un)sure places. Who checks it? Who will check it? Certainly not even a whole herd of pimply people equipped with RedBull and Snickers wagons.

    In electronics, I have often encountered things that either no one knows about or knows but doesn't talk about. I saw errors that entire multilingual forums were debating about and no one seemed to know the reason. Because no one took a PROPER look.
    The best advice is this - don't be a deer, don't buy junk, don't install anything shiny, don't overload yourself with network equipment because your house won't be "intelligent" for a penny anyway. Before you buy something, ask yourself whether you actually need to have it.
    A good alarm/security/surveillance system is not one that can be bought for the proverbial PLN 100 on a website, but one that is unpredictable and incomprehensible to the attacker.
  • #46 20969807
    darekRD
    Level 14  
    Erbit wrote:
    at your level of understanding the problem
    Well... Your level of understanding the problem is obviously much higher, so I'm definitely wrong. How I don't want to be right!
    And TVs and telephones do not eavesdrop or spy on users, and software and hardware producers do not report to the secret services. The old and probably already deactivated Echelon is a fairy tale made of moss and ferns and there is nothing newer, that's for sure. I want to wake up and be wrong.
  • #47 20969907
    Erbit
    Level 38  
    darekRD wrote:
    Your level of understanding the problem is obviously much higher, so I'm definitely wrong.


    Exactly as you wrote. Communication in the TCP/IP network is described and specified. If you know it at least as well as I do, it becomes clear that you are wrong in your guesses and the described case and its understanding result from your ignorance. The lack of a gateway in the device (lack of this information in the device panel) means no security. As you can see, the device somehow managed to "find" this gate and use it. Packets should be killed in the firewall.

    You don't have to be offended or look for subtext in my statement. I simply know how to stop such unwanted communication, and apparently you don't know and are drawing wrong conclusions.
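
    A way to check the point made in the post above, that a device with no gateway shown in its panel may still send traffic off the LAN, so the decision has to be enforced and observed at the router or firewall. This is an added example, not part of the thread: the segment `192.168.10.0/24`, the four-column log format and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed layout: devices that must stay local live in their own segment.
ISOLATED_NET = ipaddress.ip_network("192.168.10.0/24")
# Address space treated as "inside"; any other unicast destination is off-LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed flow records: "src_ip dst_ip dst_port bytes"
SAMPLE_FLOWS = """\
192.168.10.21 192.168.10.1 53 120
192.168.10.21 203.0.113.45 443 48211
192.168.10.30 192.168.10.5 445 90344
192.168.10.30 198.51.100.7 80 1532
192.168.1.15 203.0.113.9 443 7731
192.168.10.22 224.0.0.251 5353 310
truncated record here
"""

def is_off_lan(dst):
    """True for a unicast destination outside the local address space."""
    if dst.is_multicast or dst == BROADCAST:
        return False
    return not any(dst in net for net in LOCAL_NETS)

def find_leaks(flow_text, isolated_net=ISOLATED_NET):
    """Map each isolated-segment source to its flows that left the LAN."""
    leaks = defaultdict(list)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of failing the run
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port, nbytes = int(parts[2]), int(parts[3])
        except ValueError:
            continue
        if src in isolated_net and is_off_lan(dst):
            leaks[str(src)].append((str(dst), port, nbytes))
    return dict(leaks)

if __name__ == "__main__":
    for src, flows in find_leaks(SAMPLE_FLOWS).items():
        total = sum(b for _, _, b in flows)
        print(f"{src}: {len(flows)} off-LAN flow(s), {total} bytes -> {flows}")
```

    Any hit means the firewall rule for that segment is missing or not matching; an empty result over a long capture is the evidence that the isolation works.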
  • #48 21097091
    cargustar
    Level 1  
    >>20959686 I have a camera that runs with "ease life app" do you know if there is a way I can use it with tinycam monitor app. Tell me if you need any information please
  • #49 21448334
    forysiukjacek
    Level 1  
    >>20959686 .
    And is it possible with some simpler language as for a layman (that's me)
    I have such a camcorder and can't store data on a network drive at home.
    Please help🤗
  • #50 21540625
    stefanrogala
    Level 6  
    Thanks for the super solution. And does this camera work with a surveillance kit?
    Greetings
  • #51 21540643
    Erbit
    Level 38  
    darekRD wrote:
    And televisions and phones do not eavesdrop on users, do not peep, software and hardware manufacturers do not report to the secret services. The old and probably already deactivated Echelon is a moss and fern tale and there is nothing newer, surely. I want to wake up and not be right.


    Sorry to be so late... but it occurred to me after time.

    "Eavesdropping" of which you have written extensively is only possible while a transmission is in progress (e.g. during a telephone conversation). It is not possible when this transmission is not taking place (there is no communication going on) - although many believe that the cameras in laptops are "still recording them" and the phones are "still listening" and still "reporting to Google" and then to "intelligence", "the state", "tax" or whoever you want.
    I find the sealed webcams on laptops funny - and if you don't understand I'll ask why they don't seal the webcams on their smartphones, which they even take to the toilet!

    Why is it possible to do this while the call is in progress and no longer after disconnection? Because during the call the transmission can be intercepted "anywhere" because it is in progress - after the disconnection any attempt to send "recorded sound or image" would involve... transmission and would immediately be noticed by people like me (those who know at least a little bit about it).

    I assure you that my phone neither eavesdrops on me nor peeps at me when a conversation is not in progress. If anyone claims otherwise, then yes, these are 'moss and fern stories'.
  • #52 21540758
    metalMANiu
    Level 21  
    @Erbit I can assure you that the Polish police already used "lying-on-the-table-only" phones to conduct wiretapping more than 10 years ago.
    You may remember the photo of Mark Zuckerberg with his laptop in the background? That laptop had a camera taped up.

    But no worries, the grey man doesn't have to worry about anything like that. His stolen data is being used in a more 'massive' way.
  • #53 21540781
    Erbit
    Level 38  
    metalMANiu wrote:
    I assure you,
    I deal with networks professionally. I know what my devices are sending and to whom. I am not saying that this is impossible - I am saying that such traffic does not happen by "owning" the device itself and "being tracked by the manufacturer" but happens after software is installed - i.e. you have to be a significant target to have such software installed for you.

    I would also argue that there is no such thing as "Google is bugging us".
    metalMANiu wrote:
    But no worries, the grey man need not worry about any such thing.
    Exactly right.


    metalMANiu wrote:
    His stolen data is used in a more 'massive' way.

    Exactly right.
  • #54 21543356
    operator5wp
    Level 16  
    Google's Android system, as soon as it has internet access, sends so much encrypted data that we don't know what it is sending.

Topic summary

The discussion revolves around a cheap IP camera purchased online, which requires connection to the Alibaba cloud for remote access, raising concerns about security and privacy. Users share methods to disconnect the camera from the cloud without altering its firmware, including using alternative software like OpenIPC and Tasmota. The risks associated with IoT devices, particularly those connected to foreign servers, are highlighted, including potential data breaches and unauthorized access to local networks. Participants also discuss the implications of using smart home devices, such as those operating under the Tuya cloud, and suggest isolating these devices on separate VLANs to enhance security. The conversation emphasizes the importance of understanding the privacy policies of such devices and the potential for surveillance through seemingly innocuous technology.
Summary generated by the language model.