IoT Devices Are Secretly Phoning Home

An anonymous reader writes: A popular internet-enabled security camera "secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware," according to security blogger Brian Krebs. While the device is not necessarily sharing video from your camera, it is punching through firewalls to connect with other devices. Even if the user discovers it, it's still extremely hard to turn off. Krebs notes that the same behavior has been detected in DVRs and smart plugs -- they're secretly connecting to the same IP address in China, apparently without any mention of this in the product's packaging. One security researcher told Krebs the behavior is an "insanely bad idea," and that it opens an attack vector into home networks.

DDNS

[110010001000]

This "secret network" is a "DDNS network" so you can more easily connect to your camera from the Internet. Clickbait.

Total FUD

[Theaetetus]

Just because something says P2P doesn't mean it "connects to a vast peer-to-peer network". These particular cameras are made to work with a smartphone or tablet app: the camera connects to the company's servers to tell them its IP address; your tablet connects to the server to find out the IP address of your camera; and then your tablet and the camera establish a peer-to-peer connection, so that none of the video travels via the company's servers.

That's it - the two peers are your camera and your mobile device, not some fast torrent network or something.

Now, sure, this could've been documented better, but Krebs should also know better than to jump to hyperbole based on two letters and a number in a configuration screen.