http://blinkforhome.com/
First mentioned here by Jason
http://th3core.com/talk/hardware-technology/monitoring-people-in-a-house/msg40169/#msg40169
I'd be really careful about putting something like this on my primary WiFi. These IoT devices are often a huge security hole to your network...even if they're "security cameras". I didn't see mention of network security, encryption or any of the other security for the system itself and how it communicates to the mothership. Not a good sign.
If you're going to use these buy a cheap WiFi router just for this Blink system. Don't let this mingle with your primary WiFi. Better yet, buy a 2nd router (not WiFi) and daisy chain them to your primary router. That will prevent this from becoming a potential security hole itself. I don't trust these things.
>>daisy chain them to your primary router
That's what we do in our home for guest wifi. Guests log in via wifi, but on a router that is hardlinked to the main router. I imagine someone who really knows what he's doing can get access to the main router, but it would take a lot of effort.
But I do have a weather station on the main router. However, it only broadcasts... it doesn't accept inbound communication as far as I know (you have no ability to control it, update firmware or anything like that on the unit as far as I know). But you raise a good point.
Unless you know what you're doing, guest networks run on the primary router can be compromised. True security requires a chain of at least 3 routers.
If your IoT device has any access to the outside internet there is a potential issue. You wouldn't think those lightbulbs were a threat but...
Here's a recent example of a camera system hack:
Quote: Why the Internet of Things is a security nightmare (http://betanews.com/2016/02/04/why-the-internet-of-things-is-a-security-nightmare/)
The good guys over at Context Information Security have cracked Motorola’s outdoor security camera just to point out how the Internet of Things is still a completely unsecure industry that needs serious work.
The camera that got cracked was the Motorola Focus 73, and not only did the researchers manage to get inside, but they also managed to obtain the home network’s Wi-Fi password, take full control of the camera’s movement and even redirect the video feed.
What you need to consider is complete network separation for IoT devices.
I feel so safe when companies describe their products as non-hackable
>when companies describe their products as non-hackable
Yeah, I think even the general public writes that off as bullshit now.
Truth be told, I don't know enough about router set-up to address daisy-chaining, etc. I depend more on rural geography and distance, I guess. I'm going to have to address this one day and fix it, as the IOT -particularly on local networks- is creeping into my life.
In the meantime, Blink is a short-term solution for security and just used while we travel. *IF* they release the firmware that lets it go local-only, I'll look at making it permanent.
I'm much less concerned than most.
I say that on the basis that if the worst and a device (or devices) is owned within my network then what can be taken from me?
In practical terms. Some Bandwidth will be stolen.
No data of any value. No credit card information. No banking stuff etc.
I am only going to lose some b/w and only in the short term until I detect something weird going on, which I regularly check for.
Having an ultra secure router, daily checks for patches to it etc is my one area of strength, and when that's balanced against all comms being SSL and then sometimes VPN within the network, I feel I am unlikely to lose anything of value. If I can't sniff it easily, and it's my network, then I know someone else is going to have a nightmare too!
Having absolute crappy satellite internet that 90% of guests can't figure out how to use even when given the SSID and password is my main defense :-)
Quote from: rcjordan on February 05, 2016, 12:48:23 PM
Truth be told, I don't know enough about router set-up to address daisy-chaining, etc. I depend more on rural geography and distance, I guess. I'm going to have to address this one day and fix it, as the IOT -particularly on local networks- is creeping into my life.
It's pretty simple, and it won't cost you much (You can get cheap routers for $15 and they'll work fine for this). There's really no special router configuration you need to do. No need to set them to bridging mode or anything; The basic NAT of each router will take care of everything for you.
Think of it as a "Y" connection rather than daisy chaining.
The setup with 3 routers is this:
- Step 1:
Internet --> hub router
This hub router doesn't need to be WiFi. Just a plain old router. Plug your line from the Internet into the WAN port of this router. You're going to be plugging your new isolated network routers into this hub.
- Step 2:
Internet --> hub router --> secure router
The secure router would be your primary WiFi/LAN router (Probably the one that you use now for everything). No changes necessary here. Everything should work the same. Just plug the WAN into one of the LAN ports on the hub router.
- Step 3:
Internet --> hub router --> insecure router
The insecure router is where you run all your IoT stuff, like cameras, lightbulbs, etc. Again here just plug the WAN into one of the LAN ports on the hub router.
This network will be able to access the internet, but it won't be able to get into your primary secure network. It's totally isolated.
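One way to check the isolation described above, as an added example that is not part of the original thread: run it from a laptop temporarily joined to the insecure leg. The target addresses are constructed and assume the secure leg uses 192.168.2.0/24 while the insecure leg uses a different subnet; if both routers keep the same default subnet, the probes would hit local devices instead.

```python
import socket

# Constructed sample targets (assumption): hosts on the secure leg that a
# machine on the insecure leg should NOT be able to reach at all.
TARGETS = [
    ("192.168.2.1", 80),    # secure router, LAN-side admin page
    ("192.168.2.10", 445),  # a PC on the secure LAN (file sharing)
    ("192.168.2.10", 22),   # same PC, SSH
]

def probe(host, port, timeout=2.0, connect=socket.create_connection):
    """Classify one TCP attempt as 'open', 'closed' or 'filtered'."""
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        # A refusal means something answered the packet: a path exists.
        return "closed"
    except OSError:
        # Timeout, no route, host unreachable: nothing answered.
        return "filtered"
    conn.close()
    return "open"

def isolation_leaks(targets, connect=socket.create_connection):
    """Return (host, port, state) for every target that answered at all."""
    leaks = []
    for host, port in targets:
        state = probe(host, port, connect=connect)
        if state != "filtered":
            leaks.append((host, port, state))
    return leaks

if __name__ == "__main__":
    leaks = isolation_leaks(TARGETS)
    for host, port, state in leaks:
        print(f"LEAK: {host}:{port} is {state} from this network")
    print("isolated" if not leaks else f"{len(leaks)} path(s) into the secure leg")
```

An empty result only covers the listed addresses and ports, so list the devices that matter most on the secure leg.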
Bill, so if I understand this correctly the big mistake most have, is the "Hub Router" is usually the one that has the wifi off it.
I have been looking through the net to try to find an image, is this close enough?
http://i.stack.imgur.com/kECmF.png
Bill / Rupert.
Although the Y configuration could be theoretically more secure, in practice I doubt it is.
If any device on any of the networks gets hacked then the risk is the same as before. B/W loss.
A question that comes to mind is how you separate the networks and the devices on them and especially if devices on Network "Step 1" and "Step 2" can communicate with each other or not.
If they can then the theoretical protection is completely gone too.
Ultimately, I am of the view that it's simply more points of weakness when compared to one well set up router. However, I do appreciate it's just an opinion and if it delivers just peace of mind, then there is also value in that too.
Quote from: Rupert on February 07, 2016, 06:30:42 AM
Bill, so if I understand this correctly the big mistake most have, is the "Hub Router" is usually the one that has the wifi off it.
I have been looking through the net to try to find an image, is this close enough?
Rupert, that's close, but that Switch wouldn't be providing the network isolation that you want. That might work for one leg of the "Y", but you wouldn't want to put your PC on that leg. A better diagram would be this:
(https://i.stack.imgur.com/0l9tM.png)
Quote from: JasonD on February 07, 2016, 12:24:53 PM
Bill / Rupert.
Although the Y configuration could be theoretically more secure, in practice I doubt it is.
If any device on any of the networks gets hacked then the risk is the same as before. B/W loss.
A question that comes to mind is how you separate the networks and the devices on them and especially if devices on Network "Step 1" and "Step 2" can communicate with each other or not.
If they can then the theoretical protection is completely gone too.
Ultimately, I am of the view that it's simply more points of weakness when compared to one well set up router. However, I do appreciate it's just an opinion and if it delivers just peace of mind, then there is also value in that too.
JasonD this setup I explained has been described as bulletproof in terms of isolating the networks from each other. The routers constrain the attached devices to their own isolated LAN networks and it is impossible for one router network to access the other. They cannot route to one another via Ethernet (Ethernet is not routable, it's all MAC addresses) or spoof ARP packets between them in this configuration. If one network is compromised they're isolated and the bad guys are limited to traversing the network they're on. They can access the Internet, but not the other network.
If you have a fancy router with a firewall and you're using something like pfSense you could get away with doing all of this on one device. However, you'd have to know what you're doing there. The setup I suggest is a lot easier to implement and isn't very expensive either.
> The setup I suggest is a lot easier to implement and isn't very expensive either
Agreed.
cool thanks Bill.
Bill.... if all these connected devices are so dangerous, what's the difference, if any, between an LED lightbulb with wi-fi and a networked printer with wi-fi?
I ask because unlike the bulb, I can't isolate my printer and have it be worthwhile and in many cases I don't want it close enough to the router to connect via wire
(BTW, my printer is connected via USB but the truth is that I had it running with wifi then it quit and I could never get it working again).
> what's the difference, if any, between an LED lightbulb with wi-fi and a networked printer with wi-fi?
Nothing IMO.
http://www.theguardian.com/technology/2012/jul/23/hacking-attack-printers
http://www.contextis.com/resources/blog/hacking-internet-connected-light-bulbs/
Ok, so if I understand this right, is this Gateway safe?
http://wirelesstag.net/
I somehow suspect not.
I doubt it, but I doubt any site is 100% secure. I have given it a check however I have only given it a once over, scanning for open and known obvious vulnerabilities.
However, IMO any site that is live online may have vulnerabilities we don't yet know about. For me that isn't the issue. I accept that almost all web apps will likely have them. How quickly and expeditiously they are fixed is more important in practice than having a technically perfect site; as something that passes that check today, could be f***ed tomorrow.
Quote from: ergophobe on February 08, 2016, 04:32:40 PM
Bill.... if all these connected devices are so dangerous, what's the difference, if any, between an LED lightbulb with wi-fi and a networked printer with wi-fi?
I ask because unlike the bulb, I can't isolate my printer and have it be worthwhile and in many cases I don't want it close enough to the router to connect via wire
(BTW, my printer is connected via USB but the truth is that I had it running with wifi then it quit and I could never get it working again).
They're dangerous because the manufacturers really haven't considered security. It's the IoT devices that are of concern as they're accessible by anyone on the Internet. Then somebody goes to Shodan (https://www.shodan.io/), looks up the exploit, finds your devices, and takes advantage.
Generally a wireless printer will not have a public IP. It will have an IP from your NAT router that won't be accessible on the web. As long as you aren't port forwarding anything to that printer you can consider it just another part of your local network. If you've got a printer that's open to the net, then putting it on another network wouldn't be a bad idea.
I see this sort of thing daily...
Quote: Flaws in Trane thermostats underscore IoT security risks, Cisco says (http://www.pcworld.com/article/3031218/flaws-in-trane-thermostats-underscore-iot-security-risks-cisco-says.html)
"While IoT devices such as smart thermostats, home lighting, and security systems bring an added level of convenience into our lives, these vulnerabilities highlight the dangers of insecure development practices," he wrote.
Cisco found three vulnerabilities which could be used to gain remote control of the thermostat, run rogue code and gain access to the local network.
Trane was notified in April 2014. It patched two of the vulnerabilities in April 2015 and the final one on Jan. 27, Chiu said.
"We are unable to determine if Trane has associated these vulnerabilities with security advisories or if they have effectively communicated the necessity of installing these updates to their customers," he wrote. "As a result, Talos recommends that users who own these thermostats to update immediately."
Right... the printer would never have port forwarding set up.
I think I'm fairly protected by my crappy satellite internet - I've tried to set up a device with port forwarding so it could be accessed from outside the local network and never could. Eventually I found many posts on their forum confirming that it could not be set up and accessed over satellite internet.
Set up the Blink cameras today. Had to briefly re-enable router SSID broadcast, but after that it was pretty straightforward. So far, so good. I placed two outside under covered porches. This will require a long term review on outdoor use and battery longevity, but so far I like the system.
Edit: Headed to Amazon to get a UPS and additional router for security sake.
Excellent.
I can't wait for mine to arrive. Unfortunately for me, they were sending all the US orders out before the rest of the world.
I have an ETA of March / April.
Update: While recording, the cameras display a blue LED light. In the dark they shine bright, visible while LED light. Not sure if better or worse than IR illumination.
not secret then?
Installed mine. Had a minor problem with the wi-fi hand-off from the control phone to the module but it was due to misinterpretation of written instructions --problem located between the keyboard and the seat. (Stay on the app to connect to your wifi.)
I like it.
>light
I'm skimming amazon reviews on blink cam to turn up any setup gems. Ran across this right away
- The camera has a privacy light so you know when someone is watching
- The image is pretty ok in low light, but the camera also has a pretty bright light on it that can be optionally turned on.
<more from amz>
Max storage is about 2hrs of video clips (in the cloud), so you want to be diligent about turning the motion detection feature off when you don't need it (e.g., once you get home) and/or regularly delete old clips to free up space.
Don't buy this camera if you don't have an US iOS App Store account. You won't be able to install the app and use the camera until you create a new account or until they release a new camera version for international orders in March.
It is often slow to arm the cameras, especially if I'm away from the home wifi. Sometimes the arming fails. Also, the 10-second video is too short to get a good idea of what's happening--30 seconds would be better.
Features I'd like to see:
- More polish on the app.
- Schedule for automatic arm/disarm.
- Web interface for accessing the system.
- Additional alert options for when motion is detected (e.g. an email with video attached).
- Option to easily turn on/off light during live view.
LOTS of calls for an outdoor cam in the reviews, Trav.
They're already talking about an "auto-arming" feature if you use location services. Basically, it arms when your phone leaves the house.
We'd be pretty trusting to use a security system app that tracks how far we are from home.
Edit: grammar.
"Coming Soon: Auto arm/disarm function" on the features page. Simple schedule or location. Simple schedule would work for me.
can't wait till March :D
Thanks for the tip on Blink, Jason. Easy, K.I.S.S. setup. Works great. Cheap enough that I'm not forever tied into some vendor's ecosystem.
...and it provides loads of entertainment for the Chinese viewing audience when you go out to pick up the morning paper in your skivvies. ;)
>skivvies
Full Monty!!
I leave it off except when we're out of the house for an extended period. It sure as hell reminds you it's on --when we returned from a trip a week ago, I'd forgotten about it. It spewed alerts/notifications as I tripped the motion sensor. "WHO THE F*CK keeps emailing me, I'm busy unloading the car?!?! ....Oh."
Besides, I might be an exhibitionist.
Just got notification that mine will be shipping soon so I'll get to play too :)
Amazon has bought Blink
http://bgr.com/2017/12/22/amazon-blink-acquisition-price/
And they just announced a doorbell cam. Excellent.