How does the Reolink UID actually WORK?

justin

Hello,
Doing some searching, I have the identical concern this gentlemen does:
https://thedocsworld.net/reolink-security-concern/

Prior to finding this article, I realized it's indeed the UID allowing external access to my system. By disabling the UID, it caused the app to no longer function, which I then manually set up via the IP and TCP port *I* configured in my router's port forwarding .

What I can't seem to find is HOW the UID function actually works? How is my NVR establishing external, two-way communication with my iPhone via the UID? I had not opened/forwarded any ports and it just 'worked.' Is the NVR unknowingly communicating (sending video) via Reolink's cloud? What is the 'system' that the UID is actually UNIQUE on??

Think about it: If we HAVE security cameras in the first place, we ARE a security-conscious bunch. I NEED to know EXACTLY how this works for me to feel comfortable with this system. And SOON.

Thank you,
Justin

Crimp On

My understanding is "yes, the Reolink devices (cameras, NVR) open IP connections to the Reolink cloud servers." Once a connection is opened "outbound", it is open for return traffic from that IP. Like, when you connect to a web site, that web site can send packets back to you. The unique user name and password are used to look up the connection to a particular UID that is associated with that customer. Port forwarding allows anyone, anywhere to attempt to connect to your cameras. The only thing stopping them is knowing the user name/password for the camera. (Just like they need to know the user name/password for the Reolink app.)

I would email the question to "support@reolink.com", rather than asking Community members. We users have opinions, whereas the support staff are usually pretty knowledgeable.

People who are "totally paranoid" about security do not register their cameras using UID, and probably do not set up port forwarding. They either do not allow access from outside their LAN, or they set up VPN's to tunnel into their network.

Carl

Hi Justin, about the remote accessing on Reolink products. We provide the UID (based on P2P) for users to make it easy to use. You may just connect the cameras/NVRs to the Internet and log in them via the UID with your username/password. For the P2P, please refer to here. And the UID uses the random UDP ports on the network. If you don't need that, you may just disable it and set the port forwarding by yourself. But we hope to provide users with a convenient way to use the cameras/NVRs, users needn't know how it works or worry about the security issue. We used the private protocol and also has the encryption from the AWS to protect your data safety. Also, our server won't save any private data from users. If you still have any questions, feel free to contact us at https://support.reolink.com/hc/en-us/requests/new. Have a nice day!

melroy

Sorry it's an old topic, but still relevant today and unanswered. Also high in the search results.

Reolink should indeed do a better job explaining their "UID" mechanism / P2P system. Which is actually contacting the Amazon cloud. Using a technique called "hole punching" through the firewall, without the users knowing.

This is very dangerous, so you should ideally put your camera within a separate VLAN. ~~Reolink, please just be more transparent about your products.~~

Another option I found is to basically disable P2P by unchecking "Enable UID" within: Settings-> Network Settings -> Advanced -> Enable UID.

After more searching, I finally found this article from Reolink: https://reolink.com/blog/p2p-ip-camera/

@Reolink If I disabled UID feature, can I still enable port forwarding manually when needed, giving back control to the users? Which port should I then forward manually to keep using your mobile app?

Hint; search on Google: "Peer-to-Peer Functionality in IoT Security Cameras and Its Security Implications"