When analyzing my router logs I discovered all 3 of my amcrest cameras were sending data to a server on the internet I blocked the traffic while I get new cameras. Back doors like this are a violation of customer trust and personal security/privacy. I am still surprised how people are so eager and willing to allow this stuff to happen one reason I could never trust any manufacturer that requires a connection to their servers on the internet to work
Are you saying the cameras do or don’t work locally when they are blocked by your firewall?
Was this a back door or a requested feature? Were they sending actual images, or were they just registering with their own DNS forwarding service to make it easier for owners to view remotely without setting up a static IP or a paid DNS forwarding service?
It depends on the user. Most people are lacking any real knowledge on their network setups and asking them to configure their own port rules is too much. The DNS services for automatic remote access/viewing has really helped bring IP cameras into the mainstream along with saving companies a ton of money on tech support...but I agree on the need for better transparency with the included services in the products. :)
You might be able to disable the DNS access and use your own routing but that feature is becoming scarce these days.
Take a look at the below article before buying another brand though. There were a bunch of IP cameras identified last year with vulnerabilities.
It definitely was not a requested feature! It is also not configured to get dns information. I manually configure all my cameras. It works fine locally and it also works on the net with the invasive ports blocked. What I see are requests from some unknown server on the net using some obscure port like 15632. Different ports for different cameras. I suspect the camera is sending data out the configured port and responding to requests from these mystery ports. I have about 8 cameras and only the 3 amcrest cameras are targeted. Fortunately requests to the configured port require name and pass to get a response.
With these ports blocked I see no traffic in or out of my net except for mu own! An FYI reolink also has a back door that was documented elsewhere on the internet. Beware of what you buy! Even Ring Screws with your camera. Updates in their server will render your camera non functional until you do a firmware upgrade. I refuse to pay for subscriptions of any kind!
I am security myself security and privacy paranoid!
Amcrest back door
Posted - 07/29/2019 : 7:29:44 PM
