DVR sending data out?

  • N. A. Corbier
    replied
    Just to note something... Dynamic DNS requires a device to call home every so often to report the new IP address to the Dynamic DNS script. If you have the device on a static IP that can either be routed (either from a public IP or via NAT), then you have no need for Dynamic DNS.

    The fact that the device is bundling Dynamic DNS updating with their DVR remote viewing software is fun, though.

  • Robocoach
    replied
    Haven't been here for a bit, but have somewhat of an update.
    Apparently Nuvico is working on an OS version update which will permit the "call-home" feature to be disabled, however, it will be on by default. Is this going to become the default OS? Who knows. Will it be documented? My guess is that it probably won't, because of other "features" that have not been documented that should have been.
    An explanation that I received about the reason they call home is to help provide remote connectivity - dynamic DNS - and that all the unit sends out is IP, model and serial number. Huh? Like there isn't a million DNS servers out there already to do this instead. What I do find interesting is the text on the main page the DVR points to (dvrstation.com). Besides being written in faulty English (not exactly confidence-inspiring), functionality is there to view DVRs. This web page is apparently a web-based version of a software viewer called DvrPlayer that is provided with the DVR. Why someone would want to do this over the Internet via a questionable web site is beyond me.

  • MetzLyov
    replied
    Originally posted by bosley:
    Hi,

    I've been following this thread since I joined the forum. I was wondering if there are any updates available. I've wanted to get a DVR. But if the DVR is going to "call home", I want to know the necessary steps in preventing it from happening.

    Thanks

    I can tell you that none of the major manufacturers have this "feature" active.. and they better keep it that way.. Not to say that they have not tried before but were not able to get away with it.

    It is safer to go with the majors... your Panasonic, Sanyo, American Dynamics, Bosch, GE Security and a few others. They know that they can face a legal challenge which will diminish their position in the market.

    Your second and third tier manufacturers do them for a simple reason... to find out where their DVRs end up... geographically it is important for them to know this piece of information, so that they can concentrate on areas that sell more.

    We worked with few of such manufacturers a few years ago.. Right from the beginning we realized what they were doing and confronted them directly... They gave us every excuse under the sun and some could not disable the feature because some of the DVRs were embedded... In short, we dropped them for good and never looked back.

    Working with major manufacturers not only guarantees that no such nonsense occurs, but also the support and the warranty, which others cannot provide..

    What type of DVR are you looking for? PC based or embedded? How many channels to record and how much internal storage?

    I personally prefer embedded systems - all the system software and the applications reside on the flash memory.. and the hard drives are used only to store video... very easy to manage and not susceptible to any virus attacks nor require any typical OS based updates...

  • bosley
    replied
    Updates?

    Hi,

    I've been following this thread since I joined the forum. I was wondering if there are any updates available. I've wanted to get a DVR. But if the DVR is going to "call home", I want to know the necessary steps in preventing it from happening.

    Thanks

  • N. A. Corbier
    replied
    Originally posted by Robocoach:
    You mean like Microsoft Outlook? Even passwords are plaintext.
    Back on the subject, I'm as curious as anyone to see what these things are sending out. Maybe I'll get lucky and capture evidence of a backdoor.
    It may be a while before I actually have a chance to bench test one of these DVRs, but I'll post any updates.....

    To get off the subject, my data is rarely sent plaintext, especially passwords. I use services that explicitly support IMAP and POP3 secure mode, so that my passwords, email, and other data are sent through an SSL tunnel.

    Well, that, and I don't use Outlook - Windows has enough security holes without adding more.

    On the subject... It almost makes me want to buy one of these DVRs and put it on a line just to see what it does when it's booted up.

  • Robocoach
    replied
    If it's transmitting plaintext... Oh boy.
    You mean like Microsoft Outlook? Even passwords are plaintext.
    Back on the subject, I'm as curious as anyone to see what these things are sending out. Maybe I'll get lucky and capture evidence of a backdoor.
    It may be a while before I actually have a chance to bench test one of these DVRs, but I'll post any updates.....

  • N. A. Corbier
    replied
    Like most open source projects when they get popular (GAIM anyone?), the name had to be changed.

    It would be very interesting to see what these packets are. Especially if they're not ssl'ed or an ssh connection. I'm hoping we won't learn much about content due to SSH tunnel, or at least an SSL'ed HTTP session.

    If it's transmitting plaintext... Oh boy.

  • Robocoach
    replied
    Contact Jack Gin, [email protected] as soon as possible for reliable information.
    Geoff, with whom should he speak besides Jack?
    I emailed Mr. Gin the other day after seeing the above suggestion to do so, but have not heard back yet. Gathering from the CCTV website, he is probably a busy guy. If he responds, great, if not, I understand.

    Before we answer “why” are these DVRs dialing home, let's restrict them to do so in the first place.
    I agree totally. We were fortunate to see this device hitting our firewall, but others may not be aware of this happening or that it can happen. I don't recall seeing any notices in their documentation stating this could/would occur, and it raises a lot of questions as you can guess. It seems possible to me that these devices are manufactured in a region with different social expectations where it may be presumed OK for a "call home", but a company sophisticated enough to make such a product and market it in the USA should be aware of the message this action conveys. Therefore I am suspicious of it.

    To their credit, Nuvico is working on a patch for this. If this becomes the default (no call-home) or if this patch has to be applied on a per-DVR on-request basis or otherwise has yet to be seen.

    When I was configuring one of the units for the first time, I did notice an IP address (if I recall correctly) of 211.som.eth.ing preconfigured where the box is told to get its time sync information. I thought that was curious, but dismissed it knowing this address would go nowhere on our network anyway, and promptly overwrote it to our NTP server address. I'll have to double-check another brand new unit to see if that default IP was the IP given earlier in this thread of 211.55.33.221.

    To be clear, the box we had hitting our firewall had its default NTP IP address changed from the default, so it was not NTP requests we were seeing, but the box trying to do something else.

    ----------------------

    As for the packet sniffer Wireshark, I didn't know Ethereal had been renamed. Ethereal has served me well in the past. I'll get Nmap too as suggested. Somehow I'll need to force an internal error to initiate a "health check call home" to capture packets, but that bridge will be crossed when I get to it. This testing will need to be done to verify any patch that gets applied, and of course I want to see what these things are sending out now anyway. Hopefully this will save everyone involved potential grief in the long run.

  • MetzLyov
    replied
    Interesting topic... and here is my “2 cents”...

    Before we answer “why” are these DVRs dialing home, let's restrict them to do so in the first place. This was a parameter of DVRs a few years ago that each major manufacturer wanted to keep track where their DVRs were installed. Their main explanation was that they could track down DVRs that were “missing” or “misplaced”... Of course that was not the main reason... They all wanted to replicate what Microsoft has been and still is doing by forcing people to pay for additional licenses or restrict usage of their license more than once... But you also know that sometimes your computer fails and instead of purchasing a new computer, you can have the old one repaired and then you can reinstall your old operating system... and then you have no choice to contact Microsoft again to explain what happened... There may be nothing wrong with this thought process, but it should be fully explained to the public before implemented.

    With much needed push with each and every major CCTV manufacturer, most of them removed this “feature”... and few still keep them..

    If you recall, even Intel started doing the same a few years ago when they purposely opened the transmission of the serial numbers of their processors via Internet, which they claimed does reduce theft of their products in computers or reducing the theft of the computers.. That did not last long, but even now, you have the option to have their processors to “publicize” their existence or not by making such an adjustment in the BIOS...

    Nowadays you can install a piece of software with any computer that will identify its location (via IP publication through Internet), but that is and should be anyone's choice and not an integrated part of the product...

    That brings me back to the problem described above... Any manufacturer that forces this “feature” should stop doing so or their sales will reflect their intent.... I myself am totally against it, as it should be a choice for the user and not someone's corporate agenda... This way if corporations want to track their equipment, they can and they should, but does not mean everyone must follow the same trend...

    After all, last time I checked, we still live in U.S...

  • N. A. Corbier
    replied
    Originally posted by SIW Editor:
    Bill, I don't think Jack would be the best person to respond since he's not manufacturing these DVRs and I don't think makes any DVRs for that matter (fwiw, they make infrared illuminators and cameras for low-light/no-light surveillance). As I noted before, I would go directly to the manufacturer's tech staff about these backdoor communications. Definitely let the forum members know what they say. I'm curious about this DVRstation website, since it does look like it's not solely for hardware "health checks", but also for live video monitoring.

    This DVRStation thing looks like a "feature" looking for a problem. I don't know what the laws of the country of South Korea are, but they have your data if you let them.

  • N. A. Corbier
    replied
    Originally posted by Robocoach:
    We have installed several Nuvico DVRs (NVDV4-16000), and are getting many more because we feel they are a good value. However, we discovered one of them "phoning home" (but hitting the firewall), and going to the same website (dvrstation.com) as mentioned above. What is disconcerting is that the verbiage on the website almost implies they are a repository for the video as well and not just health information.

    Because this "feature" is not listed in any of their literature, I'm also wondering if these units have back doors into them. Anyone know of a good freeware port scanner?

    Stick a box on the network, same subnet, behind the firewall. This box can be running Windows 2000 or Windows XP. Download the program "Wireshark," which used to be called "Ethereal." There is a Windows port of this program, use that one. Then download a program called "nmap."

    Wireshark is the free and open source packet collector and analyzer. That'll let you watch what the thing is doing, and take captures.

    nmap is a very useful free and open source program that can do something as simple as port scan, down to interrogating IPs to detect OS version or service version numbers.

    I would be interested in seeing any packet captures (sanitized) that these boxes generate.

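Added example (not part of any post in this thread, and not vendor code): a packet capture shows what a DVR sends, while the firewall's own deny log can show which devices call home on a timer, such as the attempts to 211.55.33.221 every 5-6 minutes reported in the thread. The log format, internal addresses, destination port, timestamps and thresholds below are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in a made-up log format. Only 211.55.33.221 comes from
# the thread; internal hosts, port 80 and all timestamps are assumptions.
SAMPLE_LOG = """\
2007-03-01 10:00:04 DENY TCP 192.168.1.50:1031 -> 211.55.33.221:80
2007-03-01 10:01:10 DENY TCP 192.168.1.23:2210 -> 203.0.113.9:443
2007-03-01 10:02:00 DENY TCP 192.168.1.23:2211 -> 203.0.113.9:443
2007-03-01 10:05:31 DENY TCP 192.168.1.50:1032 -> 211.55.33.221:80
2007-03-01 10:11:02 DENY TCP 192.168.1.50:1033 -> 211.55.33.221:80
2007-03-01 10:16:40 DENY TCP 192.168.1.50:1034 -> 211.55.33.221:80
2007-03-01 10:19:45 DENY TCP 192.168.1.23:2212 -> 203.0.113.9:443
2007-03-01 10:20:01 DENY TCP 192.168.1.23:2213 -> 203.0.113.9:443
2007-03-01 10:22:05 DENY TCP 192.168.1.50:1035 -> 211.55.33.221:80
2007-03-01 10:27:44 DENY TCP 192.168.1.50:1036 -> 211.55.33.221:80
2007-03-01 10:58:30 DENY TCP 192.168.1.23:2214 -> 203.0.113.9:443
2007-03-01 11:02:12 DENY UDP 192.168.1.51:123 -> 198.51.100.7:123
"""
LINE_RE = re.compile(r"^(\S+ \S+) DENY \w+ ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def find_beacons(log_text, min_events=4, max_jitter=0.2):
    """Return flows whose blocked attempts recur at a near-constant interval."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not deny records
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        seen[(m.group(2), m.group(3), int(m.group(4)))].append(ts)
    beacons = []
    for (src, dst, dport), times in seen.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Periodic: spread of the gaps is small relative to their mean.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append({"src": src, "dst": dst, "dport": dport,
                            "events": len(times),
                            "interval_min": round(avg / 60, 1)})
    return beacons

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

A host flagged this way is the one to put behind the capture box, so the capture can be limited to that device and destination.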

  • SIW Editor
    replied
    Originally posted by Bill Warnock:
    Contact Jack Gin, [email protected] as soon as possible for reliable information.
    Geoff, with whom should he speak besides Jack?
    Enjoy the day,
    Bill

    Bill, I don't think Jack would be the best person to respond since he's not manufacturing these DVRs and I don't think makes any DVRs for that matter (fwiw, they make infrared illuminators and cameras for low-light/no-light surveillance). As I noted before, I would go directly to the manufacturer's tech staff about these backdoor communications. Definitely let the forum members know what they say. I'm curious about this DVRstation website, since it does look like it's not solely for hardware "health checks", but also for live video monitoring.

  • Bill Warnock
    replied
    Originally posted by Robocoach:
    We have installed several Nuvico DVRs (NVDV4-16000), and are getting many more because we feel they are a good value. However, we discovered one of them "phoning home" (but hitting the firewall), and going to the same website (dvrstation.com) as mentioned above. What is disconcerting is that the verbiage on the website almost implies they are a repository for the video as well and not just health information.

    Because this "feature" is not listed in any of their literature, I'm also wondering if these units have back doors into them. Anyone know of a good freeware port scanner?

    Contact Jack Gin, [email protected] as soon as possible for reliable information.
    Geoff, with whom should he speak besides Jack?
    Enjoy the day,
    Bill

  • Robocoach
    replied
    We have installed several Nuvico DVRs (NVDV4-16000), and are getting many more because we feel they are a good value. However, we discovered one of them "phoning home" (but hitting the firewall), and going to the same website (dvrstation.com) as mentioned above. What is disconcerting is that the verbiage on the website almost implies they are a repository for the video as well and not just health information.

    Because this "feature" is not listed in any of their literature, I'm also wondering if these units have back doors into them. Anyone know of a good freeware port scanner?

  • SIW Editor
    replied
    Originally posted by tl89b:
    Has anyone found their DVR sending packets to Korea? We have 3 Weldex DVRs. One tries to send data to 211.55.33.221 every 5-6 minutes. The IP address is for DVRstation.com and has been doing so since install. The other two are not attempting this and do not appear set up any different..
    The mfg claims to have no idea...thx

    I'm certainly not the best expert on this, but DVRStation seems to be a service for status reports on DVRs (possibly sending data to say, "I'm the DVR and I'm working just fine", or could be telling, "I'm the DVR and I've got a bad sector on my drive"), however, I know nothing of this DVRStation.com service (or whether it's legitimate), and you'd be well-advised to have your dealer/integrator look into this and check to see whether this is permissible or not -- and if it can be disabled if you'd prefer.

    If you bought this equipment as a self-install, you may want to contact Weldex directly to find out whether this is normal. Here's a link to their "support" page: http://www.weldex.com/index.cgi?p=support
