Hello, Doing some searching, I have the identical concern this gentleman does: https://thedocsworld.net/reolink-security-concern/ Prior to finding this article, I realized it's indeed the UID allowing external access to my system. By disabling the UID, it caused the app to no longer function, which I then manually set up via the IP and TCP port *I* configured in my router's port forwarding. What I can't seem to find is HOW the UID function actually works? How is my NVR establishing external, two-way communication with my iPhone via the UID? I had not opened/forwarded any ports and it just 'worked.' Is the NVR unknowingly communicating (sending video) via Reolink's cloud? What is the 'system' that the UID is actually UNIQUE on?? Think about it: If we HAVE security cameras in the first place, we ARE a security-conscious bunch. I NEED to know EXACTLY how this works for me to feel comfortable with this system. And SOON. Thank you, Justin
My understanding is "yes, the Reolink devices (cameras, NVR) open IP connections to the Reolink cloud servers." Once a connection is opened "outbound", it is open for return traffic from that IP. Like, when you connect to a web site, that web site can send packets back to you. The unique user name and password are used to look up the connection to a particular UID that is associated with that customer. Port forwarding allows anyone, anywhere to attempt to connect to your cameras. The only thing stopping them is knowing the user name/password for the camera. (Just like they need to know the user name/password for the Reolink app.) I would email the question to "firstname.lastname@example.org", rather than asking Community members. We users have opinions, whereas the support staff are usually pretty knowledgeable. People who are "totally paranoid" about security do not register their cameras using UID, and probably do not set up port forwarding. They either do not allow access from outside their LAN, or they set up VPNs to tunnel into their network.
Hi Justin, about the remote accessing on Reolink products. We provide the UID (based on P2P) for users to make it easy to use. You may just connect the cameras/NVRs to the Internet and log in to them via the UID with your username/password. For the P2P, please refer to here. And the UID uses the random UDP ports on the network. If you don't need that, you may just disable it and set the port forwarding by yourself. But we hope to provide users with a convenient way to use the cameras/NVRs, users needn't know how it works or worry about the security issue. We used the private protocol and also have the encryption from the AWS to protect your data safety. Also, our server won't save any private data from users. If you still have any questions, feel free to contact us at https://support.reolink.com/hc/en-us/requests/new. Have a nice day!
Sorry it's an old topic, but still relevant today and unanswered. Also high in the search results. Reolink should indeed do a better job explaining their "UID" mechanism / P2P system. Which is actually contacting the Amazon cloud. Using a technique called "hole punching" through the firewall, without the users knowing. This is very dangerous, so you should ideally put your camera within a separate VLAN. Reolink, please just be more transparent about your products. Another option I found is to basically disable P2P by unchecking "Enable UID" within: Settings -> Network Settings -> Advanced -> Enable UID. After more searching, I finally found this article from Reolink: https://reolink.com/blog/p2p-ip-camera/ @Reolink If I disabled UID feature, can I still enable port forwarding manually when needed, giving back control to the users? Which port should I then forward manually to keep using your mobile app? Hint; search on Google: "Peer-to-Peer Functionality in IoT Security Cameras and Its Security Implications"
@melroy I am not confident that Reolink software engineers monitor the user forums. My guess is that the answer is "can't be done". The mobile app works the way it does, and no other way. As the article referenced explains, a device opening a port to a remote server creates a link that the remote server can use to communicate with the device. My impression is that when a customer opens the Reolink smartphone app, the app connects to the cloud and uses the customer login credentials to scan the database for UIDs registered to that user who have open links to the server. If the connection is not already open, then the server has no idea which IP address any particular device may be related to. Only cameras that have connected to the server with their UID can be opened with the app. Opening a port on a customer router for remote access (i.e. port forwarding), does not restrict access to any particular IP address on the internet. For example, the Reolink RLC cameras include a web server that provides a way to view the camera video. If a user forwarded an external port on their router to port 80 (or 443) on a camera on the local LAN, then they could access that camera remotely. (provided that they can supply the correct user name/password.) This does not scale well, because every camera would need a separate external port linked to their internal IP address.
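Added example (not part of any post above, and not Reolink's code): a toy model of a home router's UDP state table, showing the difference the thread describes between an outbound-initiated connection, a hole punch, and a manual port forward. It assumes a NAT that reuses one external port per internal socket and only admits packets from endpoints the device has already sent to; all addresses and ports are constructed, and Reolink's actual protocol is private.

```python
class StatefulNat:
    """Toy home router: inbound UDP needs prior outbound state or a static forward."""

    def __init__(self):
        self.mappings = {}  # (lan_ip, lan_port) -> wan_port
        self.owners = {}    # wan_port -> (lan_ip, lan_port)
        self.allowed = {}   # wan_port -> {(remote_ip, remote_port)} the device sent to
        self.forwards = {}  # wan_port -> (lan_ip, lan_port), manual port forwards
        self._next = 40000  # constructed starting port for dynamic mappings

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN device sends a packet out; the router records who may answer."""
        key = (lan_ip, lan_port)
        if key not in self.mappings:
            self.mappings[key] = self._next
            self.owners[self._next] = key
            self.allowed[self._next] = set()
            self._next += 1
        wan_port = self.mappings[key]
        self.allowed[wan_port].add((remote_ip, remote_port))
        return wan_port

    def inbound(self, src_ip, src_port, wan_port):
        """Return the LAN endpoint the packet reaches, or None if it is dropped."""
        if wan_port in self.forwards:
            return self.forwards[wan_port]   # forward: any source is let through
        if (src_ip, src_port) in self.allowed.get(wan_port, ()):
            return self.owners[wan_port]     # reply on a flow the device opened
        return None

# Constructed endpoints (RFC 5737 documentation ranges); none come from the thread.
NVR = ("192.168.1.50", 5000)
SERVER = ("198.51.100.10", 9999)   # stands in for the vendor's rendezvous server
PHONE = ("192.0.2.66", 41000)      # the phone's public endpoint
STRANGER = ("192.0.2.99", 55555)   # unrelated Internet host

def demo():
    nat, r = StatefulNat(), {}
    r["unsolicited"] = nat.inbound(*STRANGER, 40000)        # no state yet: dropped
    port = nat.outbound(*NVR, *SERVER)                      # NVR registers outbound
    r["server_reply"] = nat.inbound(*SERVER, port)          # return traffic accepted
    r["stranger_same_port"] = nat.inbound(*STRANGER, port)  # other sources dropped
    r["phone_before_punch"] = nat.inbound(*PHONE, port)
    nat.outbound(*NVR, *PHONE)     # hole punch: NVR sends to the phone's endpoint
    r["phone_after_punch"] = nat.inbound(*PHONE, port)
    nat.forwards[9000] = NVR       # manual port forward (constructed port number)
    r["stranger_via_forward"] = nat.inbound(*STRANGER, 9000)
    return r

if __name__ == "__main__":
    print(demo())
```

In this model the dynamic state only admits the specific endpoints the NVR itself contacted, while the port forward delivers packets from any source, leaving the device's user name/password as the only remaining check.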