Forum General Discussion Reported security flow in Reolink cameras, what is the status

This topic contains 8 replies, has 6 voices, and was last updated by  jonasdavid611 7 months, 3 weeks ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #223784

    coldevening
    Participant

    Hello,
    As it was reported yesterday by Tom's Guide (read the article here https://www.tomsguide.com/us/smart-home-security-despair-rsa2019,news-29601.html ), there is a Telnet vulnerability in Reolink cameras which allows full control of the camera including installation of cryptocurrency-mining malware.

    ”Alex ”Jay” Balan of Bitdefender showed RSA attendees that four different cheap Chinese security cameras sold under the Geenker, Keekoon, Reolink and Tenvis names had terrible security. Most could be accessed over the internet via Telnet, the 1970s network protocol with no encryption. Anyone with mid-level coding skills could dial into the cameras from anywhere and watch you at home. (UPDATE: Reolink reached out to us to say it had patched the flaws with a firmware update.)”

    The article mentions that Reolink has patched the flaws with an update. What is the current situation with the installed firmware? For example, I have multiple RLC-420 and RLC-422-5MP cameras. What version of firmware should I have to make sure the security vulnerability is addressed? Thank you.

    #223823

    carbonita
    Participant
    #223848

    Crimp On
    Participant

    I have not done a firmware update recently, and I just now confirmed that my Reolink RLC410-WS and Argus cameras do not respond to telnet. ”Connection refused.” No chance to log in or anything. Do not have a C1 camera, so have no idea if there was a vulnerability in that model.

    #226466

    Carl
    Keymaster

    Hello,
    As it was reported yesterday by Tom's Guide (read the article here https://www.tomsguide.com/us/smart-home-security-despair-rsa2019,news-29601.html ), there is a Telnet vulnerability in Reolink cameras which allows full control of the camera including installation of cryptocurrency-mining malware.

    "Alex "Jay" Balan of Bitdefender showed RSA attendees that four different cheap Chinese security cameras sold under the Geenker, Keekoon, Reolink and Tenvis names had terrible security. Most could be accessed over the internet via Telnet, the 1970s network protocol with no encryption. Anyone with mid-level coding skills could dial into the cameras from anywhere and watch you at home. (UPDATE: Reolink reached out to us to say it had patched the flaws with a firmware update.)"

    The article mentions that Reolink has patched the flaws with an update. What is the current situation with the installed firmware? For example, I have multiple RLC-420 and RLC-422-5MP cameras. What version of firmware should I have to make sure the security vulnerability is addressed? Thank you.

    Hi, please refer to https://support.reolink.com/hc/en-us/sections/360002374874-Firmware to download the latest firmware to fix this issue.

    #227012

    coldevening
    Participant

    Thank you very much, all

    #248483

    davidptaylor74
    Participant

    Hi I just bought an Argus pro , do i need to update the firmware ? , my firmware is 0530_94_107_24 not sure wich one i need to download from here ?

    https://support.reolink.com/hc/en-us/articles/360021715373-03-21-2019-Firmware-for-Reolink-IP-Cameras-IPC-3816M-

    #248486

    Carl
    Keymaster

    Glad to help you solve this problem. The firmware upgrade for the battery-powered camera is different from other cameras. If you've enabled the auto upgrade in upgrade setting page, you don't need to upgrade the firmware manually anymore. Please refer to Enable Auto Upgrade for Battery-powered Cameras.

    #248490

    davidptaylor74
    Participant

    Hi Carl thank you for getting back to me so quick , I love the auto update feature its really easy to use , just checked and enabled it
    thank you !

    #390797

    jonasdavid611
    Participant

    To monitor the activities of employees at the office or the child at home or any intruders entering the house, security cameras always played a vital role. I will personally recommend to use Arlo camera as I have personally used this one, it is by far the best security cameras I have ever used. It is basically HD Smart security camera which comes with great inbuilt features like it is weatherproof, it has night vision, motion detection features also it is completely wireless.Thereby after installing the camera just download arlo app for pc and it is all ready to operate.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.