this post was submitted on 09 Sep 2023
887 points (99.3% liked)

Technology

59436 readers
3812 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
887
Wyze security camera owners reported that they could briefly see feeds from cameras they didn’t own (www.theverge.com)
submitted 1 year ago by dantheclamman@lemmy.world to c/technology@lemmy.world
118 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] GlitzyArmrest@lemmy.world 203 points 1 year ago (35 children)

Cameras connected to the public internet are such a bad idea.

[–] realharo@lemm.ee 19 points 1 year ago* (last edited 1 year ago) (5 children)

It would be fine if the footage was end-to-end encrypted, meaning you need to transfer the encryption/decryption keys from device (e.g. a phone) to camera, and then manually between all devices that should have access to the decrypted footage.

Camera would only ever send out encrypted footage, and thus it would be insufficient to have access to the cloud account if you want to view the footage - you would need both access to the account (to obtain the encrypted data) and the decryption key (to actually decrypt it). The decryption key must never reach any 3rd party servers and can only be manually transferred between devices that should have access.

There are still possible attack vectors, like malicious firmware updates, or the viewer client app updates, but those are very difficult to exploit, and pretty much exist in most "secure" software today (including from companies like Google, Apple, Meta, etc.). They could be mitigated by hardware design (do the encryption in hardware, camera's software never has access to decrypted footage) and open source viewer clients that the user controls, but I would consider a camera sufficiently secure (for non-sensitive locations) without those.

[–] PeterPoopshit@lemmy.world 5 points 1 year ago (4 children)

How would I encrypt an rtsp stream so I can port forward it and then how to I unencrypt that stream for use on a local server?

[–] realharo@lemm.ee 5 points 1 year ago

I guess you wouldn't. Use a different protocol, one that supports the security you need.

load more comments (3 replies)
load more comments (3 replies)
load more comments (32 replies)