Security@Georgeliu.me

Sometimes people make mistakes. Sometimes they make very expensive mistakes.

I made a mistake last year, when I was busy trying to secure my home. Apparently, some guys broke into a girl’s apartment nearby and stole a lot of money.

So I bought a VimTag camera. But hey, at least it wasn’t a Porsche, right?

Here’s why VimTag cameras are mistakes:

1. Weak security.

There are guys out there talking about how they can telnet in with no password required.

The telnet protocol is usually run on port 23, but this device is running it on port 8600 as a ‘security’ measure. He’s saying all you have to run to get root access is: telnet target-ip-address 8600

From Reddit

People on Amazon are claiming their networks were hacked after installing a VimTag.

I called tried to change my wifi password and someone had already done so. They also changed my device access code for the router. I factory reset and within a minute it had been changed again. Now my net is disconnected, pending replacement of my router for security reasons.

Why Amazon sells a product with known security risks speaks volumes about their priorities to me. I thought people were being paranoid, but turns out exactly what they warned about happened to me within a day. DO NOT USE THIS PRODUCT. So shady… I now have the pleasure of resetting all my passwords and info and not having access to the net for several days while I clean up this mess. I only hope there are no other precautions I’m missing that will pop up later… Ugh..

From Amazon

2. Iffy security.

I monitored some of the data from the camera. It was going to servers in Turkey as well as in China. I understand China, but why Turkey?

17.253.54.253
ISP Apple Inc.
Usage Type Commercial
Hostname defra1-ntp-002.aaplimg.com
Domain Name apple.com

54.153.82.107
ISP Amazon Technologies Inc.
Usage Type Data Center/Web Hosting/Transit
Hostname ec2-54-153-82-107.us-west-1.compute.amazonaws.com
Domain Name amazon.com

46.45.138.218
ISP Radore Veri Merkezi Hizmetleri A.S.
Usage Type Data Center/Web Hosting/Transit
Domain Name turkrdns.com

210.72.145.44
ISP China Science and Technology Network
Usage Type Fixed Line ISP
Domain Name cstnet.net.cn

From AbuseIPDB

3. No security.

After further testing, I found that most of the communication between the app and the back-end occurred in cleartext (no HTTPS). Actions that used unencrypted communications included registering a camera to my account, adjusting settings, formatting the SD card, accessing stored audio or video, and initiating the recording of audio or video. When I went to view the network settings, their backend server sent to my device a list of SSIDs for all the wireless networks in the camera’s proximity. A team of researchers found that using only SSID, they could locate a device within 13-to-40 meters. The server also sent the WPA2 key for the network to which it was connected, meaning that not only is the key visible to any attacker, it’s stored on the server and easily recoverable.

From NowSecure

4. They are insecure liars.

I left it connected and there were multiple connections going to and from the camera. I also noticed that it was scanning the network with PING requests. I have attached a WireShark Packet capture from start to finish of the setup of the camera. The 172.16.74.0/24 network is my private LAN and the 192.168.137.0/24 is the AP that I was running off my laptop, .1 being the laptop/GW.

I will also add that if you try to run a port scan on the camera it renders it completely DOA and will not restart. I did this using Zenmap on my PC and the camera is now DOA. The paranoid part of me suspects this is to prevent seeing what it’s doing and has open. The other part of me just chalks this up to poor firmware/software on the device.

That being said I just wanted to put a quick post out there in case someone else was thinking about getting these cameras. They also do NOT work with any standard IP cam applications or DVR software, this means no RTSP or ONVIF support.

From TimothyHogland
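
An added example, not part of the quoted posts: one way to triage flow records exported from a capture like the one described above, flagging the three behaviours reported on this page (unencrypted app traffic, ICMP probing of the private LAN, and connections to the telnet service on port 8600). The camera and client addresses, the ports on the outbound flows, the sweep threshold and the flow records themselves are constructed for illustration; the network ranges and remote addresses are the ones quoted earlier.

```python
import ipaddress

CAMERA = ipaddress.ip_address("192.168.137.50")   # hypothetical camera address on the test AP
LAN = ipaddress.ip_network("172.16.74.0/24")      # private LAN range given in the post
CLEARTEXT_TCP = {23, 80, 8600}                    # telnet, HTTP, and the telnet port cited above
SWEEP_THRESHOLD = 5                               # assumed: distinct ICMP targets that count as a sweep

# Constructed flow records (src, dst, proto, dst_port); ports are assumptions, not capture data.
FLOWS = [
    ("192.168.137.50", "46.45.138.218", "tcp", 80),
    ("192.168.137.50", "210.72.145.44", "tcp", 80),
    ("192.168.137.50", "54.153.82.107", "tcp", 443),
    ("192.168.137.50", "17.253.54.253", "udp", 123),
    ("172.16.74.20", "192.168.137.50", "tcp", 8600),
] + [("192.168.137.50", f"172.16.74.{h}", "icmp", None) for h in range(1, 7)]


def triage(flows, camera=CAMERA, lan=LAN):
    """Return sorted, de-duplicated findings for one camera's flows."""
    findings, icmp_targets = set(), set()
    for src, dst, proto, dport in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if proto == "icmp" and s == camera and d in lan:
            icmp_targets.add(d)                       # camera probing hosts on the private LAN
        elif proto == "tcp" and dport in CLEARTEXT_TCP:
            if s == camera:
                findings.add(("cleartext-out", dst, dport))
            elif d == camera:
                findings.add(("cleartext-in", src, dport))
    if len(icmp_targets) >= SWEEP_THRESHOLD:
        findings.add(("ping-sweep", str(lan), len(icmp_targets)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in triage(FLOWS):
        print(finding)
```

A camera that produces any of these findings belongs on an isolated VLAN or guest network with no route to the private LAN.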

5. They are really liars.

Their website states:

Network specs

Wireless Network
WiFi (IEEE802.11b/g/n)

Ethernet
10/100Mbps RJ-45 interface

Protocols
TCP/IP, UDP/IP, HTTP, DCHP, RTSP, RTMP, MUTP

IP address
Static IP address and dynamic IP address

From VimTagUSA

In actuality? If you pay them money, you can connect to their private cloud. There is no RTSP or RTMP support, which is necessary for 3rd party apps to connect to your camera. Nothing else works. You pay for their stuff, or it doesn’t work. Not to mention it’s incredibly slow.

6. Their customer support is worse than bad.

After I wrote a bad Amazon review with all the information contained here, they sent me this reply:

Vimtag server is all over the world. What you said is just your own opinion and it’s Incorrect.
You don’t know exactly how the camera work.
We will contact you via email.
Maybe you hate Chinese goods, right? Our maker not only in China, the United States, United Kingdom, and Italy also have Vimtag Company.
Best Regards
Vimtag Team

If I hated Chinese goods, why did I buy one? Well, OK, I seriously have a much lower opinion of Chinese goods after this mistake. And they didn’t email me in the end.

Well, OK. Maybe I’m just hating on them so much because the camera was expensive, but it was slow, not useful, and really not good. And…

7. They are liars, again.

Fakespot Review Grade: F

Our analysis detected 80.0% low quality reviews

From FakeSpot

Future Steps

Seriously, don’t buy this thing. I bought one and it was a huge mistake, not to mention a security risk.

After that, I bought an Amcrest camera, which emails snapshots to me and takes video, no cloud subscription required, for the same price. Even has notification zones. I wanted to buy stuff with facial recognition and the like, from good brands like Ring or Orbi or whatever, but those are expensive and almost require a cloud subscription. My Amcrest connects to my NAS and can send me snapshots when there’s movement. Although it has a lot of bugs that require resetting the device at times, which was a pain, too. Cheap Chinese goods, eh?

But I have the VimTag, so I’m looking to hack into it through telnet and have it send any images it takes to a cloud server. More info here: JumpESPJump


CrashPlan is a great data backup service. It has some drawbacks, such as high memory use and slow speeds (being based on Java), but it has some terrific benefits as well. It is about the only program that allows you to store data on multiple computers and on the computers of friends, a free option.

However, I recently ran into a problem with CrashPlan: something was causing CrashPlan to see the folder as 0 bytes instead of several gigabytes. It could not see the data in the folders, and as a result, no data was being backed up.

So what went wrong? I initially thought it was something to do with security settings and file permissions. I searched Google for a while and came up with some hints, such as taking ownership of files and such. For that task, using Ultimate Windows Tweaker allowed me to easily add the correct registry extension to the right-click context menu and take ownership of all files.

That didn’t fix anything. I was still pretty sure it was a file permission error, so I looked at the base drive, and made sure all accounts (Myself and Everyone) had the necessary permissions, with the correct option selected (applying these permissions to “this folder, subfolders, and files”).

It still didn’t work, so I played around in CrashPlan to see what was going on. Only some folders were not capable of being backed up. And as it turns out, the only folders that CrashPlan could not access were the ones being shared with the Windows 7 HomeGroup. Here was a big hint, and I eventually followed these steps:

  1. Disable “Password protected sharing” (Control Panel>All Control Panel Items>Network and Sharing Center>Advanced Sharing Settings\Password protected sharing)
  2. Add “Everyone” account to necessary folders and give them “full control” permissions (Right-click folder, Security\Advanced\Change Permissions\Add\Allow Full Control)

I am not sure that step 1 is necessary, but I believe that because security was enabled, Windows cut down access from Myself and Everyone to just Myself and HomeUsers (HomeGroup). Either way, the most important thing is this: CrashPlan needs to have an Everyone account associated with the folders to back up (and the necessary permissions to read the folder). Otherwise, backups may not work.

But funnily enough, another shared folder that is backed up in CrashPlan has Myself, Administrators, HomeUsers, and SYSTEM user accounts attached to it. Maybe SYSTEM is enough?
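
An added example (not from the original post or from CrashPlan): a small audit of `icacls` output that separates the three states described on this page: no SYSTEM or Everyone read access (the 0-byte symptom), Everyone with write or full control (the fix in the steps above), and SYSTEM with read and execute (the fix reported in the reader comments). The folder paths, account names and sample output are constructed, English principal names are assumed, and the rule that SYSTEM or Everyone read access is what the backup service needs is taken from the post and comments, not from CrashPlan documentation.

```python
import re

READ = {"F", "M", "RX", "R"}   # simple icacls rights that include read access
WRITE = {"F", "M", "W"}        # simple rights that allow changing data
ACE = re.compile(r"^(.+?):((?:\([^)]*\))+)$")

# Constructed `icacls <folder>` output for three hypothetical folders.
SAMPLES = {
    r"D:\Share\Photos": r"""D:\Share\Photos PC\George:(OI)(CI)(F)
                PC\HomeUsers:(OI)(CI)(RX)
Successfully processed 1 files; Failed processing 0 files""",
    r"D:\Share\Music": r"""D:\Share\Music Everyone:(OI)(CI)(F)
               PC\George:(OI)(CI)(F)""",
    r"D:\Share\Docs": r"""D:\Share\Docs NT AUTHORITY\SYSTEM:(OI)(CI)(RX)
              PC\George:(OI)(CI)(F)
              PC\HomeUsers:(OI)(CI)(RX)""",
}


def parse_aces(path, text):
    """Yield (ACCOUNT, tokens) for each allow ACE that applies to the folder itself."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(path):          # first line is prefixed with the folder path
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:
            continue                       # blank lines and the icacls summary line
        tokens = set(re.findall(r"\(([^)]*)\)", m.group(2)))
        if "DENY" in tokens or "IO" in tokens:
            continue                       # skip deny and inherit-only entries
        yield m.group(1).split("\\")[-1].upper(), tokens


def audit(path, text):
    aces = list(parse_aces(path, text))
    can_read = {who for who, t in aces if t & READ}
    can_write = {who for who, t in aces if t & WRITE}
    if not can_read & {"SYSTEM", "EVERYONE"}:
        return "backup-blind"              # folder would show as 0 bytes per the post
    if "EVERYONE" in can_write:
        return "over-broad"                # works, but any account can modify the data
    return "ok"


if __name__ == "__main__":
    for folder, output in SAMPLES.items():
        print(folder, audit(folder, output))
```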

 


Comments

Previous comments imported from a different version of this blog.

Hint: use System instead of Everyone for security reasons.

I had this same problem and solved it. I moved an external hard drive from a Win XP to a new pc with Win 7 and found Crashplan saw nothing under a directory with 300 gig. Yet other folders on the same drive did not have the problem. That directory with 300 gig has been shared previously. I found I had to add SYSTEM to the permission so that Crashplan could see the entire directory structure underneath it. After more digging, adding Everyone will have the same effect. — Charlie

I didn’t have to give everyone FULL permission, just read permission. But the trick was to disable the Password Protected Sharing. THANK YOU!…saved me a lot of grief! — Steve

I found success by adding SYSTEM account. Not full control and with password protected sharing turned ON. — Sean

It was option 1 for me – the password sharing. Disabled it and crashplan immediately worked again. No idea why this happened or what caused it though. — Nicholas

I had the same problem on Windows Server 2012. CrashPlanPRO wasn’t backing up shares I had changed the security settings on. Adding the SYSTEM user and giving it read and execute rights did the trick. Thanks — Josh