Just because you're paranoid, it doesn't mean.....

[bungeejumper]

I recently bought one of those cheapo endoscope cameras for use with a mobile phone. A bargain at £17, but I should have looked at the listing more carefully. I've sent it back now, but was I right to have security doubts about it?

I'd always assumed that these cameras simply plugged into the USB port on the phone, and then you'd be up and running. But no, the norm these days seems to be to have a wifi connection that hooks up the phone + camera to your router. And this one required me to download an obscure Chinese app that had already prompted other reviewers to ask whether it could use the connection to gather info from your network and pass it back to Beijing?

Paranoid, maybe, but being a near-complete innocent in such matters, it seemed like a question worth asking. As it happened, I had no use anyway for a cam that depended on a wifi link, because I was going to use it on somebody else's premises, so I really did need it to be a standalone. So I could return it as unsuitable without too many qualms. (And Amazon have accepted it back.)

Wifi-free replacement arriving today, at twice the price. Thoughts?

BJ

[kempiejon]

Wifi-free replacement arriving today, at twice the price. Thoughts?

Where are you looking?

I bought mine a few years ago, plug and play. Had a good peer up the chimney - not a metaphor.

[bungeejumper]

Where are you looking?

Into an 'ole in some boxing in a shop. T'plumber wants to run a pipe through, and would prefer not to hit any other pipes or cables.

I bought mine a few years ago, plug and play. Had a good peer up the chimney - not a metaphor.

LOL, I had that indignity in hospital a few years ago. It's one thing to send the camera up there where the sun don't shine, but quite another to know whether it's looking north, south, east or west once it's there. Those things use an entire mini-GPS system within the room. It would probably be overkill for choosing where to run a water pipe.

BJ

[Infrasonic]

It's a general issue with IoT (Internet of Things) devices, why and who are they phoning home to? There's been issues with security cameras and all sorts of other 'sensitive' hardware over the years.

There are ways to mitigate it like subnetting or the use of VLANS, so that devices you want to limit on your home LAN can either be prevented from using the internet at all or filtered via firewall rules. But as with all things networking it will require a fair bit of research reading to understand and implement (unless you want to pay a networking consultant to do it for you...).

I buy 'far east' products but tend to shy away from proprietary closed source OS/apps - at least with open source stuff you have a fighting chance of someone finding any nasties. I recently bought a Shenzen made router, but it runs on OpenWRT...https://en.wikipedia.org/wiki/OpenWrt

[UncleEbenezer]

It's a general issue with IoT (Internet of Things) devices, why and who are they phoning home to? There's been issues with security cameras and all sorts of other 'sensitive' hardware over the years.

Indeed, that goes back to around the turn of the century. But worth noting that there may be perfectly legitimate reasons to phone home: for example, your phones and 'puters themselves routinely do so to update (including important security updates).

I buy 'far east' products but tend to shy away from proprietary closed source OS/apps - at least with open source stuff you have a fighting chance of someone finding any nasties. I recently bought a Shenzen made router, but it runs on OpenWRT...https://en.wikipedia.org/wiki/OpenWrt

Open source certainly helps, but it's also pretty usual for there to be black-box apps running on top of an open-source base.

I'd be much more concerned about spyholes in Western than in Chinese kit. They certainly have a history of it, and some have legal requirements (for example, "lawful intercept" capability in the US, and the spectacular possibilities illustrated by stories like thrangrycat).

[Infrasonic]

...I'd be much more concerned about spyholes in Western than in Chinese kit. They certainly have a history of it, and some have legal requirements (for example, "lawful intercept" capability in the US, and the spectacular possibilities illustrated by stories like thrangrycat).

I just assume all the major Western tech companies have back doors mandated into their systems and use them as little as possible for anything I don't want snooped on.
Hence me having a paid for Proton mail account, use of proxied search, Linux VM's, encrypted no logs DNS, Tailscale overlay VPN etc.

Unless you've actually lived in China you have no idea - I personally know and follow online native Chinese and expats who live(ed) there with a tech background and 'overt' and 'draconian' doesn't get close to it. Notice how Billionaire Jack Ma went media silent after a spot of 'state reeducation'? - that isn't an uncommon occurrence.
Many of the finance community ( I know a few) moved from Hong Kong to Singapore because of the restrictive atmosphere.

[UncleEbenezer]

I just assume all the major Western tech companies have back doors mandated into their systems and use them as little as possible for anything I don't want snooped on.
Hence me having a paid for Proton mail account, use of proxied search, Linux VM's, encrypted no logs DNS, Tailscale overlay VPN etc.

Unless you've actually lived in China you have no idea - I personally know and follow online native Chinese and expats who live(ed) there with a tech background and 'overt' and 'draconian' doesn't get close to it. Notice how Billionaire Jack Ma went media silent after a spot of 'state reeducation'? - that isn't an uncommon occurrence.
Many of the finance community ( I know a few) moved from Hong Kong to Singapore because of the restrictive atmosphere.

Yeah, of course. My comment was premised on living in the West. If I lived in China I'd be more concerned about the Chinese government, based purely on who exercised power over me (and over the narrative I hear).

And of course malware like Pegasus can get you anywhere

[Infrasonic]

I just assume all the major Western tech companies have back doors mandated into their systems and use them as little as possible for anything I don't want snooped on.
Hence me having a paid for Proton mail account, use of proxied search, Linux VM's, encrypted no logs DNS, Tailscale overlay VPN etc.

Unless you've actually lived in China you have no idea - I personally know and follow online native Chinese and expats who live(ed) there with a tech background and 'overt' and 'draconian' doesn't get close to it. Notice how Billionaire Jack Ma went media silent after a spot of 'state reeducation'? - that isn't an uncommon occurrence.
Many of the finance community ( I know a few) moved from Hong Kong to Singapore because of the restrictive atmosphere.

Yeah, of course. My comment was premised on living in the West. If I lived in China I'd be more concerned about the Chinese government, based purely on who exercised power over me (and over the narrative I hear).

And of course malware like Pegasus can get you anywhere

Yes, but you are making specific claims about hardware. The fact is that companies in China have the state as a partner and do what they say - no exceptions. It's one of the reasons companies like Google pulled out.

I've read the Snowden books and all the other stuff around what the West gets up to, I'm under no illusions there. But ultimately this stuff is under the control of Congress/Parliament and whistle blowers will blow up any concerted efforts to subvert democracy (in the long run at least...).

You try that stunt in Russia/China and many other places and you will mysteriously fall out of a window or just 'disappear'.

[DrFfybes]

Wifi-free replacement arriving today, at twice the price. Thoughts?

Where are you looking?

I bought mine a few years ago, plug and play. Had a good peer up the chimney - not a metaphor.

I got one off Ebay last July for £8 - simple USB plug and play.

https://www.ebay.co.uk/itm/185689800842 they've gone up a bit since.

[Infrasonic]

Specifically on Pegasus - the Israeli company behind it has been obliterated by legal action, it's worth reading up on.

There were some uber smart people working for them and I wouldn't be surprised if they have been offered jobs at 'state employers'...

[Urbandreamer]

Personally I feel that there is little reason for a endoscope to be wifi. The only "good" reason would be to reuse mass produced camera control hardware. Many examples, such as video doorbells exist, so there will be a lot of such hardware.

I would be cautious about trusting any such device, given the history of such doorbells being exploited.

You might want to investigate your router and see about turning Plug-n-play port forwarding off.

Basically it trusts and allows devices connected to your home network to open ports. Useful for those video doorbells, but you are trusting that the company that manufactured the device is not only honest, but more important competent when it comes to security.

[Infrasonic]

WiFi Direct or Bluetooth is also a thing that can be built into devices, you don't have to go via a router with WAN capability.

[stewamax]

Unless you've actually lived in China you have no idea - I personally know and follow online native Chinese and expats who live(ed) there with a tech background and 'overt' and 'draconian' doesn't get close to it. Notice how Billionaire Jack Ma went media silent after a spot of 'state reeducation'? - that isn't an uncommon occurrence.

Perhaps Jack Ma once had a longer surname but the State cut a bit off ...

[bungeejumper]

Wifi-free replacement arriving today, at twice the price. Thoughts?

Just to say that the replacement non-wifi cam arrived this afternoon, and it plugged in and worked without any problems. Seems fine.

BJ