Forum Replies Created
This is a shame because the most difficult part, the hardware, is pretty good. My cameras have been outdoors for a few years now and they keep giving. Not even a bit of rust anywhere.
Please, Reolink, fix the software. You are even running standard firmwares, based on Linux, it should be relatively easy to include the modules required to allow for what we are asking, and then more!
Feel free to get in touch if you need a deeper explanation of what we are asking and the reasons why it's important, but don't ignore our concerns or you will keep loosing clients.
Reolink has been saying the same for 2 years. This issues was first raised on April 2017, and the answer was very similar to what you just said.
Reolink products are great in terms of functionality and reliability, but without either:
- A pre-installed certificate, signed by a trusted Certificate Authority
- The ability for us (owners) to install our own certificates
- The ability to shutdown all HTTP (unencrypted) traffic
The cameras are inheritenly insecure and open to many attacks. CCTV images are obviously very private and ReoLink should offer us a better option than just hope for the best.
Are there any updates on this?
The current setup is not secure, as anyone can create a certificate and perform a man-in-the-middle attack, since the ”Issued by reo-link, Issued to reo-link” offers no guarantees. See the attached picture for an idea of what the invalid certificate looks like to the eyes of a safe browser like Chrome.
One option is to provide the cameras with a certificate signed by a trusted authority, but that's going to cost Reolink money.
The cheap alternative is to let people install their own certificates on the cameras so that they can trust their own.
Could you please follow up on this? If you are serious about security this is a must-have feature.
The other feature that's required is the ability to disable non-secure (HTTP) access. At the moment you have to set the HTTP port to a low number (try 1) to achieve that effect, but I have no guarantee it works.