How does an IP camera work?
An IP camera is a device that connects to our home network, wired or WiFi. It has a private IP address, which is used to view the camera from the local home network. IP cameras do not allow you to view or manage them from outside the local network; to see them from the Internet you would have to open a port in your router's NAT. A very important detail is that, generally, this type of network traffic is not encrypted. It is therefore highly recommended that your camera use secure protocols such as HTTPS for communications; otherwise it is not safe to use, because a malicious user could carry out a Man in the Middle attack and capture all the communication.
When IP cameras do not support secure protocols, one solution to the insecurity of their communications is to set up a VPN server at home. We can then connect safely from the Internet to the VPN server and communicate with the IP camera using its private IP address, without having to open any port other than the port of the VPN server. Using a VPN to view cameras is very worthwhile because it adds a layer of security: it improves confidentiality and also adds client authentication. Another possibility is to set up an NVR server at home that is responsible for viewing one or more IP cameras. Some NVR servers allow us to connect from outside using secure protocols such as HTTPS, so the NVR server acts as a “bridge” to the IP cameras in our home.
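As an added example (not part of the original article), the following Python script audits a router's port-forwarding list against the advice above: no forward should point at a camera, and only the VPN server port or an NVR's HTTPS port should be open. The rule format, addresses and ports are constructed for illustration, and treating TCP 443 as the NVR's HTTPS port is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    proto: str        # "tcp" or "udp"
    ext_port: int     # port opened on the router's WAN side
    dest_ip: str      # private address the traffic is forwarded to
    dest_port: int

def audit(forwards, cameras, vpn, nvr=None, nvr_https_port=443):
    """Return (rule, verdict) pairs for each NAT port-forward rule.

    cameras: set of camera private IPs; vpn: (ip, proto, port) of the VPN
    server; nvr: optional NVR IP. All values are supplied by the caller.
    """
    findings = []
    for f in forwards:
        if not ipaddress.ip_address(f.dest_ip).is_private:
            verdict = "REVIEW: destination is not a private address"
        elif f.dest_ip in cameras:
            verdict = "FAIL: camera reachable from the Internet"
        elif (f.dest_ip, f.proto, f.dest_port) == vpn:
            verdict = "OK: VPN server port"
        elif nvr and f.dest_ip == nvr and f.proto == "tcp" and f.dest_port == nvr_https_port:
            verdict = "OK: NVR over HTTPS"
        elif nvr and f.dest_ip == nvr:
            verdict = "FAIL: NVR exposed on a non-HTTPS port"
        else:
            verdict = "REVIEW: forward not needed for camera access"
        findings.append((f, verdict))
    return findings

# Constructed sample: addresses and ports are illustrative only.
SAMPLE_FORWARDS = [
    Forward("tcp", 8080, "192.168.1.50", 80),      # camera web UI opened directly
    Forward("udp", 51820, "192.168.1.10", 51820),  # VPN server
    Forward("tcp", 443, "192.168.1.20", 443),      # NVR over HTTPS
    Forward("tcp", 554, "192.168.1.20", 554),      # NVR stream port, no TLS
]
CAMERAS = {"192.168.1.50", "192.168.1.51"}
VPN = ("192.168.1.10", "udp", 51820)
NVR = "192.168.1.20"

if __name__ == "__main__":
    for rule, verdict in audit(SAMPLE_FORWARDS, CAMERAS, VPN, NVR):
        print(f"{rule.proto}/{rule.ext_port} -> {rule.dest_ip}:{rule.dest_port}  {verdict}")
```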
Currently, pure IP cameras are no longer sold for domestic use, because of the problems involved in configuring and viewing them: you have to open ports or use a VPN. What is most used now are Cloud cameras, whose internal operation is somewhat more complex but which are much simpler for the user.
What is a Cloud camera?
A Cloud camera is a device that connects to our home network, wired or WiFi, and obtains a private IP address behind NAT. This type of IP camera is the most widely used, because it lets us manage and view the camera both from the local network and from the Internet, without the need to configure complicated VPNs or worry about security, since this aspect is delegated to the manufacturer of the Cloud camera that we have bought.
These cameras work by connecting directly to the manufacturer’s Cloud server. The client, using the mobile app, also connects to the manufacturer’s Cloud, and the Cloud is in charge of showing us the Cloud camera in our home. This process means we do not have to open any port in the NAT. In addition, all communications from the camera to the Cloud use encrypted protocols such as HTTPS, so the confidentiality of our communications is guaranteed.
The only thing we must take into account when using this type of camera is to protect both the username and the password used to access the app or the manufacturer’s Cloud; otherwise, any user could connect to your account and view all the cameras. Another important aspect is that the security of the manufacturer’s Cloud authentication depends on the manufacturer itself, which is why it is so important to choose the manufacturer well. Manufacturers such as D-Link, EZVIZ or Xiaomi are very popular, with very good products and also with very robust cloud security, so we recommend using these brands.
Dangers of cheap cameras
Running a Cloud through which all the camera traffic passes costs the manufacturer money. For this reason, a large number of “Chinese” IP camera manufacturers make use of P2P networks instead. These cameras use a known serial number, and users connect to the camera in the same way that they connect to Cloud cameras, but in this case we have the following problems:
- Some manufacturers have vulnerabilities that make it possible to calculate the serial numbers and discover the devices. A malicious user could then connect directly to the camera.
- Man in the Middle attacks could be carried out over the Internet, exposing credentials and confidential information.
While these cameras promise end-to-end data encryption, a wide range of devices have been found not to provide it, or to use insecure encryption or insecure implementations. Even if you use a password to access the camera, you would still be at risk, because there is no data encryption or it is poorly implemented, and the keys could be captured. These cameras are, in general, not safe and their use is not recommended. In addition, they could use our Internet connection bandwidth to turn us into a “relay” for their P2P camera platform. We recommend you visit the hacked.camera website, where you can find a brief investigation into this type of cheap camera that uses P2P networks.
As you have seen, it is very important to choose carefully which IP camera or Cloud camera to buy, and to connect to it safely. Our recommendation is to buy Cloud cameras from manufacturers such as D-Link, EZVIZ or Xiaomi, manufacturers that do care about the security of their devices and that continually release updates to fix bugs and improve the devices.