Due to the overwhelming amount of questions and message I receive I will not be answering general questions (like requests for ALL the links to the STL files that were used on my build). This is not me being mean but there is too much to list. If you have a specific question then go right ahead and ask!
Links here may be affiliate links and they do NOT cost you extra to use. Please use them when you can since it helps me fund making videos by earning referral fees. I will not link products of a higher price just to make more referral fees. Products linked are ones that I have personally purchased and used in my builds.
UPDATE (10/25/2016): They are now being sold under the brand name “SkyGenius”. STAY AWAY. These are the same backdoored cameras as before. Theses are the kinds of cameras that were likely used in the DDOS attacks that took place last week. Link: https://www.amazon.com/dp/B01LZRFGXN?m=A3G20NDO3H60P2&th=1
I have been recently looking for a decent HD IP camera for keep an eye on things when I am away from home. I frequently buy items from SnagShout to review. They had this “BEW” brand camera for $52 so I figured I would give it a shot.
I bought the “BEW” 826-X 1080P IP camera and got it all setup. I started looking at the network traffic and it was sending all it’s video and audio to a server at 220.127.116.11 that is located in China. When you go to that address it takes you to the “VimTag” website and you can see this “BEW” is a re-branded CP1 from their products. I located their US support at www.VimTag.US and called them asking why it’s sending the traffic there and if it can be disabled. They told me that it cannot and when I told them it was concerning they just hung up. For reference their number is 1-800-371-2929.
I left it connected and there were multiple connections going to and from the camera. I also noticed that it was scanning the network with PING requests. I have attached a WireShark Packet capture from start to finish of the setup of the camera. The 172.16.74.0/24 network is my private LAN and the 192.168.137.0/24 is the AP that I was running off my laptop, .1 being the laptop/GW.
I will also add that if you try to run a port scan on the camera it renders it completely DOA and will not restart. I did this using Zenmap on my PC and the camera is now DOA. The paranoid part of me suspects this is to prevent seeing what it’s doing and has open. The other part of me just chalks this up to poor firmware/software on the device.
That being said I just wanted to put a quick post out there in case someone else was thinking about getting these cameras. They also do NOT work with any standard IP cam applications or DVR software, this means no RTSP or ONVIF support.
On Sunday, TeamViewer spokesman Axel Schmidt acknowledged to Ars that the number of takeovers was “significant,” but he continued to maintain that the compromises are the result of user passwords that were compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.
I previously posted an article about the latest TeamViewer hack that has been spreading around the last few days. I myself have switched over to using AnyDesk for personal remote support (family, friends, etc) but I still had it on a few systems. I did check my logs and luckily none of my systems were accessed. However in the TeamViewer web console, I did see multiple sessions from China that were active in the last 30 days. I have since closed my TeamViewer account and notified all people that I know who use the service to uninstall it and switch to another provider.
If you need assistance checking your system for malware that the attackers could have placed on your system please call your preferred IT person or contact me through the site, I offer remote and onsite support.
Most importantly if your system has been accessed by someone else DO NOT USE THE SYSTEM! There have been multiple reports of keyloggers and other malicious software being installed from the attackers when they gained access to the system. I recommend doing a full OS installation and thoroughly going through any other drives/devices that have been connected to the PC.
TeamViewer continues to deny that they had a breach but there have been multiple users that have had proper passwords and even 2-factor authentication enabled at the time of the attack. Their system is flawed and cannot be trusted until they own up to what happened and post a 100% certain resolution to the breach.