Encryption

sjl1986_14062272934

Do the cameras/NVRs have encryption of any type when being viewed from the mobile or desktop applications? The web browser only uses HTTP, so no encryption is being used there. If not, that means the mobile app would be passing the username/password over clear text each time it logs in.

sjl1986_14062272934

Just following up. I'd still like to know more about the encryption, if there is any at all. Encryption is very important so that others are not able to easily hack the cameras.

user_GoCamera528

This post is deleted!

sjl1986_14062272934

Can we please get HTTPS added at least? Most very basic and cheap systems have this protocol built in. Thanks!

Guest

HTTPS has always been used. For example, if your camera has IP of 192.168.177.101, you should input https://192.168.177.101 and then press Enter.

There you go.
https.jpg

Guest

They use their own https credentials but anyway it is https, isn't it?

sjl1986_14062272934

Thanks for the response Cracky.

However, when I try to use HTTPS, I get this:



I tried Internet Explorer and Chrome. Is there a setting I missed somewhere? In looking at the protocols supported by the NVR, HTTPS was not listed. I'm not sure if the next screenshot will show properly or be stretched, but I'm showing that under my "Network Advanced" tab on the Reolink desktop software, the HTTPS Port is set to '0' and is grayed out so I can't modify it.



This still doesn't address the concerns with the desktop/mobile apps since it's very likely they are not using any type of encryption to hand off the credentials during the login process. Thanks again.
2017-01-20_14-35-53.png
2017-01-20_14-38-38.png

Guest

That's true for NVR system. Tried here and failed. I'm gonna report this to them and make them fix this. I think they will.

sjl1986_14062272934

Great, thanks a lot. Please report back if you hear of any changes. On another note, do you know if there is a way to get email alerts when certain threads receive new replies? Currently I just have to go back and check every thread I'm active in to see if anyone responded.

Guest

Sorry to say, there is no alerting system for threads with the current posting system.  It would be a nice feature and it seems they are always implementing new options.  Recently I have started to see "New" by threads I have not read yet.  It is a start.

Guest

I would like to know the answer to this as well...

Do the cameras/NVRs have encryption of any type when being viewed from the mobile or desktop applications? The web browser only uses HTTP, so no encryption is being used there. If not, that means the mobile app would be passing the username/password over clear text each time it logs in.

Bob_30281727886

Hello Nick,

For the time being, we support logging into IPC in HTTPS and NVR in HTTP.

When accessing your Reolink devices via Reolink Client software for PC, and Reolink App for your phone, we use private encryption mode.

Your data will be safe. You don't have to have the worry of username/password over clear text.

Thank you so much.

Halls Manor_43124311168

I am also pretty worried about this, encryption should be a force of any company that is bring new services out.

Look at the issue of the massive bot network that happened (last year i think!)

On the Argus if i type the ip address in what is the port? As the above member said it just refuse the connection?

Bob_30281727886

@christianjohn
Hi, For Reolink Argus camera, it uses UID rather than IP address to login. So if you try to login the camera using IP Address, you will fail to get logged in.

lucasnanancy_560701514338573

HTTPS (Hypertext Transfer Protocol Secure) from others' suggestion. Have you tried it? I see many people have a good review about it.

bekeanloinse_639887403340016

It depends on the specific camera/NVR and the mobile or desktop application being used. In general, many modern cameras and NVRs do support encryption for remote access to their streams and interfaces, either through HTTPS or other secure protocols. However, this may not always be enabled by default, and it may be necessary to configure the device and the application to use encryption.
subway surfers

user_720091158679747_720091158679747

We employ a private encryption mode when you access your Reolink devices through the Reolink Client software on your computer or the Reolink App on your mobile device. blob opera

lornajennings680_690111325126786

The encryption capabilities of cameras and Network Video Recorders (NVRs) can vary depending on the specific brand, model, and software used. However, in general, modern security camera systems often employ encryption to protect sensitive data, including login credentials, when accessed through mobile or desktop applications.

andreeoren_655196217664283

@lornajennings680_690111325126786 When using the official Reolink mobile and desktop applications, the communication between the app and the camera or NVR is generally secured. The apps typically use secure connections to ensure that your login credentials and video streams are encrypted during transmission. This adds an extra layer of security when compared to accessing the devices via a non-encrypted web browser.

subway surfers

mycurrentlocation co_712873381278338

@ my location
The cameras/NVRs do not have encryption when viewed from mobile or desktop applications, potentially leading to the transmission of username/password in clear text during each login via the mobile app.

user_761870872957103_761870872957103

@ whereami
this settles it for me

user_GoCamera528

Here's what is says about the encryption for the Reolink website and app, I'm a*suming:

https://reolink.com/security/

It says HTTPS is used.
Regardless of what it says, however, I can testify to the fact that the cameras can easily be hacked via the UID numbers, which a hacker uses to add your device to another Reolink account. Once the ID number is obtained by whatever means, there's not a lot you can do because they utilize pa*sword cracking apps to access the camera/s after you have deleted, reset, and added them to your Reolink account again. This can be done very quickly after you have gone through all of the steps involved with resetting the device and changing its pa*sword, and possibly changing the pa*sword for your connected email account as well. They are good if you're just looking for a dummy camera that will always work for you when the PIR is enabled, but fails to work for some reason when you are out of the area.

The cameras have to be operated under the shoddy, hacker-friendly set-up Reolink employs, which is probably very similar to the set-up other companies, such as Arlo, are employing. And who knows that Vivint, SimpliSafe, and the others don't have a similar set up? The Reolink devices sadly aren't even worth even fifty dollars because they are so highly hackable, yet those who own the Reolink cellular cameras pay a fairly hefty purchase price, then an ongoing, additional monthly cost for a data plan to operate them. It is a public website that these devices are operated through, and technically, your next door neighbor could create an account with any email/username even if they don't own a Reolink device, to which they could add any active Reolink camera by manually entering the UID number. Technically it could be your next door neighbor. But odds are, if you experience problems with camera failure, this is being done from a completely different location by someone who has nothing to do with you.

joseph_1979

@user_gocamera528 whatever has been encrypted, it can be decrypted no matter what algorithm has been employed. Nothing is safe, not even your bank account. However, there are policies one follows to mitigate security breaches. For your info, so far Reolink protocol has not been breached. And it is not https....

user_GoCamera528

@joseph_1979
Yes, I realize that, but the Reolink cameras are a complete rip-off. This was my first security camera, so I have not tried Vivint, SimpliSafe, or Arlo, but not every company that sells security cameras offers the 4G LTE cameras. I am not one of those who does not have internet, but when I first bought the Reolink Go camera I did not have it and I do now. I still would prefer to leave my ethernet and WiFi off when I'm away from my place and rely on the separate connection for a cellular camera.

I'm no tech-wizard and couldn't tell you anything much about encryption, but I think it's fairly safe to say that anti-hacking measures for the Reolink website and Android app leave way too much to be desired for them to be selling the cameras for the amount that they are. Just get an under $30 WiFi camera if you have WiFi connectivity. At first, I replaced my device. It was clear that someone had been in the area, but I didn't receive an alert and no motion-detected video, and this happened multiple times. If the device is new and has not been hacked, the UID number can likely be obtained through the same methods used for accessing a device that has been added to an account to hack a Reolink account and obtain the UID number for the device. With the type of freedom Reolink provides, it's not hard to believe that anyone would go to that amount of trouble, and it may not even be that difficult with the right tools.

I'm probably going to go with one of the other companies for another camera and see what they have to offer, but a similar problem might be hard to detect if the set-up is the same and the ability to hack the account/camera doesn't surface right away. Arlo does have a cellular camera, but it is dual WiFi. I don't know how this works out- if this means you can go with either or can use both simultaneously, but I am going to investigate it further.

user_810650475274398_810650475274398

This post is deleted!

user_815269787893924_815269787893924

Yes, the cameras and NVRs typically use encryption when accessed through mobile or desktop applications. This ensures that the username and password are transmitted securely over the network. However, if the web browser is used, it might rely on HTTP, story saver which doesn't provide encryption. In such cases, the mobile app would indeed encrypt the login credentials to protect them from being transmitted in clear text.

user_GoCamera528

@user_815269787893924_815269787893924

I have a Go camera. It is hard to say, with all the complicated technological terms used to describe various aspects of the 4G Reolink (and WiFi) devices' set up and operation, data transmission, etc. what the actual potential for hacking your Reolink account log-in to obtain the ID number for the device is. I can testify only to the fact that it is possible to add an active and connected device to a completely different Reolink account by manually entering the device's UID number. Why this option exists is a bit confusing, but the person adding a camera this way would still be in need of the device password to access an actively connected device.

If you are like me, you want everything to be simple and assume when you connect your camera/s in a secure way and use passwords with the maximum number of characters, that the device is fairly safe from hacking and access by any random outside party, which is not true. I cannot do enough research to ensure that my log-in data and passwords are safe and properly encrypted and do not have the time to enroll in a computer course that will help me understand how to navigate the various online systems under which these websites, accounts, and devices integrate and operate to assure that data that is supposed to be encrypted and would allow access to my device and account is encrypted adequately across all interfaces and platforms to prevent hacking . For lack of any better wording, I can only say that the cameras are a perfect example of what you might call a paradox. If you are in a hurry to connect them, that's where your problem lies. I hope this helps!

Again, still looking at Arlo but don't want to get caught up in another situation like this. If you have one of the Go devices and are interested in the cellular security cameras, investigate Arlo's Go 2 camera and some of the features and options available for this one. This is the best option I have found outside of the Reolink line for this type of camera (cellular/mobile) if you want video recording.

If you are like me, however, you won't necessarily think that problems with encryption can be resolved by simply adding more expense or taking on another brand or type of camera without fully understanding all of the ways that encrypted data can be insecure.
You can also check out less than honest reviews of do-it-yourself security cameras like Arlo 2 (and the Reolink cameras) on YouTube and might want to check out "Arlo: The Security Camera I'm Ditching for Something Better".

joseph_1979

@user_gocamera528 see if you are capable to decrypt it. You will be the first.