January 15, 2019 at 9:03 pm #199801
I've bought 2 C1's which I would like to use as babycams. I found it very nice that I can view the stream even outside my house, but I actually thought that this is not possible with the Reolink cams. That was actually the reason why I chose Reolink: to not have this cloud feature, which is, in my eyes as an IT security guy, a bit risky.
Is there a proper way to turn it off so I can view the stream only at home or when connected to my home's VPN? If not, I would need to find out to "whom" the camera is talking and just block the traffic on the firewall. But I'd prefer the "clean" way.
Also I wonder how I can get the audio from the camera. Talking to the camera works quite nicely but I can't get any audio back. The speaker symbol above the screen is unmuted. Do I need to enable something else?
I'm also running ZoneMinder for a couple of other cameras. Where can I find the URL to add the C1's to ZoneMinder?
Is there also the possibility to fetch stuff from the camera's SD card via FTP or so?
January 16, 2019 at 7:45 am #200051
By design, Reolink cameras register their UID with Reolink's cloud service. This is how the Apple and Android apps "find" the cameras. I queried my router "open ports" table and found that all 5 of my Reolink cameras maintain open connections to 220.127.116.11 (Amazon Web Services). My guess is if you block that IP, (1) you will eliminate the security hole, but (2) your Reolink apps will no longer be able to view your cameras when not at home. (That's where ZoneMinder comes in? Or, if you run a VPN, I guess you could use the HTTP/HTTPS capability.)
My cameras have the sound turned off. (no help there, sorry)
I have no experience with ZoneMinder. The "Hardware Compatibility List" does not include Reolink. I am a bit confused, because that list mentions cameras that are ONVIF compliant. Reolink C1 cameras support RTSP (Real Time Streaming Protocol), which is the example used in the ZoneMinder User Guide. (ONVIF vs. RTSP? Here, you are WAY ahead of me.) When I do a port scan on one of my Reolink cameras (sorry, not a C1) I find HTTP, HTTPS, and Port 554 (rtsp). VLC Media Player streams from my Reolink cameras, so their implementation of RTSP seems to work.
The Reolink Windows client reports using port 9000. I have no idea what that's all about.
Reolink cameras support FTP, but not FTPD (server). My cameras FTP motion files TO my FTP server just fine.
I don't know that any of this is helpful. Good Luck!
January 16, 2019 at 8:07 pm #200200
18.104.22.168 has port 22 opened, nice. So I wonder already why this wasn't hacked so far. I will check what kind of data the camera is sending there and maybe block that connection completely.
January 17, 2019 at 4:03 am #200372
It is no surprise to me that Reolink is using Amazon Web Services as their cloud platform. Most of the Internet of Things devices that I own seem to use Amazon or one other cloud service. It might be worth considering that EVERY Internet service that does anything at all has "open ports" (email and HTTP/HTTPS being the most common but there are lots more). The majority nowadays seem to use encrypted data paths.
My initial thought is that companies have chosen this design because the hole through the firewall is "one way", i.e. the device opens a port to a specific IP address. I do not know any method to query a router from the outside and discover that these pathways exist. Messages can come in only from that specific IP. I guess they could hack AWS, in which case I imagine they would go after web commerce sites first, rather than consumer cameras.
Of course, if you get the cameras hooked up to your ZoneMinder, then you can block AWS and the security of your VPN is the main risk. My guess is the camera will function without connecting to Reolink's cloud.
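An added example, not part of any post in this thread: one way to answer the "to whom is the camera talking" question before writing firewall rules is to list the off-LAN endpoints each camera has opened connections to. It assumes the router exposes a Linux conntrack-style connection table; the camera addresses, LAN range and sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the style of Linux /proc/net/nf_conntrack. Addresses are
# RFC 1918 / RFC 5737 documentation ranges, not values taken from the thread.
SAMPLE = """\
ipv4 2 tcp 6 431998 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=51234 dport=443 src=203.0.113.10 dst=192.168.1.50 sport=443 dport=51234 [ASSURED] use=2
ipv4 2 udp 17 25 src=192.168.1.50 dst=198.51.100.7 sport=40000 dport=123 src=198.51.100.7 dst=192.168.1.50 sport=123 dport=40000 use=2
ipv4 2 tcp 6 300 ESTABLISHED src=192.168.1.20 dst=192.168.1.50 sport=50100 dport=554 src=192.168.1.50 dst=192.168.1.20 sport=554 dport=50100 [ASSURED] use=2
ipv4 2 tcp 6 431000 ESTABLISHED src=192.168.1.51 dst=203.0.113.10 sport=40222 dport=443 src=203.0.113.10 dst=192.168.1.51 sport=443 dport=40222 [ASSURED] use=2
ipv4 2 tcp 6 100 ESTABLISHED src=192.168.1.99 dst=203.0.113.80 sport=40333 dport=443 src=203.0.113.80 dst=192.168.1.99 sport=443 dport=40333 [ASSURED] use=2
truncated line without addresses
"""


def parse_flow(line):
    """Return (proto, src, dst, dport) for the original direction, or None."""
    tokens = line.split()
    if len(tokens) < 4:
        return None
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep and key not in fields:  # first src/dst pair = who opened the flow
            fields[key] = value
    try:
        return (tokens[2], ipaddress.ip_address(fields["src"]),
                ipaddress.ip_address(fields["dst"]), int(fields["dport"]))
    except (KeyError, ValueError):
        return None  # malformed or truncated entry


def camera_egress(table, cameras, lan="192.168.1.0/24"):
    """Map each camera IP to the off-LAN (proto, dst, dport) it initiated."""
    lan_net = ipaddress.ip_network(lan)
    cams = {ipaddress.ip_address(c) for c in cameras}
    found = defaultdict(set)
    for line in table.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        proto, src, dst, dport = flow
        # Local RTSP viewers (dport 554) connect *to* the camera, so they are skipped.
        if src in cams and dst not in lan_net:
            found[str(src)].add((proto, str(dst), dport))
    return {cam: sorted(dests) for cam, dests in found.items()}


if __name__ == "__main__":
    for cam, dests in camera_egress(SAMPLE, ["192.168.1.50", "192.168.1.51"]).items():
        print(cam, dests)
```

Running it over several snapshots taken hours apart shows whether the set of remote endpoints is stable enough to block by address or whether it is safer to drop all forwarding from the cameras' addresses.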