IP Camera's and Linux
During the Christmas rush I mistakenly ordered an IP, Wireless, HD camera without too much investigation. When it arrived I suddenly realized that I hadn't checked if I could pull down the images with any of my HA software. What was I thinking?! Anyway, long story short. I can't get at the images directly. These camera's are meant to be used with a cell phone (not a tablet) or the web service. So I used their app, setup the camera, broke out nmap and later started searching the net for any details I could. Nmap found ports 23, 80, 8000 and 9000. My search for the Funlux Mini WiFi 720P HD (or CH-S1A-WA or ZH-IXY1D) camera brought me to a bunch of information such as telnet using root and no password (and no direct way to change that). The web page login is admin/111111. It needs IE because it uses a cab file (wouldn't work with Firefox). I used Wireshark to figure out what was going on and noticed that my WiFi SSID and the access password were being sent in plain text. And that the camera was sharing information (probably video and audio) with a web site on the internet. WOW! I don't know what to say other than I am not happy with this in so many different ways. The picture is great but other than that I can't say anything good.
For those looking to hack the camera, take a look on Hackaday, the link is called Zmodo - Local Controller. A bunch of us posted the various information we've found there. I've also put my notes up on my web page as Hacking a Funlux IP Camera.
Now despite this I'm going to keep the 2 cameras I have. I've already blocked them from internet access and I'm working on securing the telnet access. I'm also going to write some software so I can pull back the images to my HA server. While I can't trust the vendor and their software I should be able to still make use of the cameras. I have plans for a Raspberry Pi loaded with a script to grab the images and video and make them available via a stream so programs like ZoneMinder can access the cameras.