Friday, August 16, 2013

Conspiracy Theory

I don't live in the best part of town, or the best town, let's say. So after a string of thefts over the last several years, I decided to install a security camera. I didn't think about it too much (I was still being driven by anger for having been ripped off). I drove to Best Buy and looked at what they carried in IP cameras. I came home with this-


It's the D-Link-942L IP camera and it's a good one. It was a little expensive (more than $100.00) and produces okay quality, standard definition video (640 by 480 pixels). It has motion sensing and records video to an (optional) built-in microSD card. It's by D-Link and I've been a fan of their products for years.

After I got the hardware and software set up, I found I could make an account at D-Link to watch video from my camera anywhere and anytime over the Internet. So I went to mydlink.com and made an account. Right away I was a little peeved to get a message that my browser (Opera, a good browser) was unsupported. So to access my camera over the Internet here I would have to use Firefox, or God forbid, Internet Explorer. 

When I was done I could indeed look at my front porch anywhere on the Internet. That was cool.

But fifteen minutes later I discovered a better way to do this. It was a simple matter of opening a port on my router's outside interface and forwarding requests received there directly to my IP camera. This was a simpler and better way. This is the way I use now. 

I had a moment of pause then but it took awhile for me to realize consciously something was wrong. How was mydlink.com connecting with my camera?

My router is set up (like many I believe) to allow all outbound requests (from my network to the Internet) and to block all inbound requests (from the Internet to my network). This is a good and simple way to keep from being exploited by strangers on the Internet. After all most people get an Internet account and pay for it to serve their needs. They want the Web, they want email, they want peer-to-peer, etc. You can reasonably expect then that normally requests will originate from the network and travel to the Internet. Anything coming the other way is likely to be trouble and is blocked. So if somehow D-Link tried to access my system from afar it would be blocked by my router. 

I thought about it and eventually came to the fact that my new IP camera was making a connection to D-Link without my knowledge. It was on my network, on "my" side of the router, so it was trusted. I logged onto my router and discovered the truth-



My camera was making a secure connection to somewhere. 192.168.0.161 is the IP address of my camera. You can see it was making a secured connection to the IP address "54.215.3.237". I pinged this and found-


So it was connecting to Amazon. I'll buy that.

This could be a security problem. You might assume this connection is used only by D-Link to give you access to your camera output to check up on what's going on at home, when you are away. That's reasonable. But there is potential to abuse this. What if some dishonest person or group hacks D-Link? What if D-Link agrees to channel the feed from your camera, from anyone's camera, to the headquarters of some TLA (three letter agency) like the NSA, the FBI, etc.? I knew I had to do something about this. 

I was never able to stop the camera from trying to make a connection to D-Link. I eventually found a way to block its attempts at the router. But it never stops trying. Day and night, night and day, it tries (unsuccessfully) to connect to D-Link. Here's a screenshot of my router's logs, showing the connection attempts:


And I confirmed the blocking by trying to log on to mydlink.com:


It's like a slow-motion, endless DOS (denial of service) attack on my router. I feel better now but I'd really like to stop the camera from doing this.

Here's a bigger question- how many other D-Link security cameras are in use out there, and are engaging in this behavior, without their owners even knowing it? Thousands? Millions? Let's say thousands. If D-Link cameras (and other IP cameras) are doing this it represents a huge potential problem. I guess that's my concern- that the security and privacy of peoples' homes and lives is being compromised by IP cameras that "phone home" without the owners' knowledge.  

I guess that's all I have to say for now. Any comments? Questions?