@vigy_591093180735512 There are a multitude of security features which can be added. I have passed the following to the Reolink support for consideration.
Having the username/password credential is not enough and I propose the following for your evaluation.
1. Introduce 2FA which definitely provide another layer of security. This has already been implemented in RING, Wyze, etc. Introduce it as an option and let the customer to activate it or not.
2. Introduce a log of the source IP logging to the camera. Have the last 20 IPs together with timestamp logged and exposed them to the customer.
3. Send a push notification or email when user fails to log to the camera. In additional to the account locked feature.
4. Add a read only Audit log which captures all the changes made by the Admin. To include timestamp with each change made.
5. Add the possibility to send a push notification when a user logs the camera. Leave it to the customer to activate/deactivate the feature
6. Add a privacy shutter which inhibits any recording. This must be password protected and administered by the admin.
7. Introduce a heartbeat feature with changeable timings where a push notification or an email is send to the customer at specified regular intervals. Or else have the heartbeat mechanism be implemented with your servers and if this is not received for say 5 consecutive times, a push notification or an email is forwarded to the customer. This will definitely entails to augment the number of servers at your end and so option 1 is more favorable.
8. Encrypting the mp4 files in the SD (using AES 128/256bits or 3DES) and files can only be viewed from the Android/Ios/Windows applications using the combination of UID and password of the camera. Then if the customer wants to pass this video to police then it can be exported with no protection.
