• December 13, 2019, 11:06:34 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Encrypt the stream? SSL support?  (Read 9014 times)

jdubin

  • Level 1 Member
  • *
  • Posts: 6
Encrypt the stream? SSL support?
« on: February 26, 2012, 06:27:52 AM »

I use tinyCam Pro on Android to stream my camera.  It works well enough, but I don't like that authentication details go unencrypted over whatever network I'm using.  Anyone sniffing traffic is able to get the login info for my camera, which would make it trivially easy to eavesdrop on where I have the camera setup.  Frankly, I'm very surprised this isn't a hot topic already. 

The camera seems to support SSL, but it uses an invalid certificate.  You can tell a browser to ignore the error and use the cert anyway, but most apps (including tinyCam) give an error, with no way to override it.  Even if it could be overridden, it'd still be vulnerable to anyone with access to (what I'm assuming is) this non-unique, generic certificate. 

Ideally, I'd be able to upload my own certificate to the camera, but without repackaging the firmware, that's probably not going to happen.  The other option I'm thinking of is setting up a proxy, so I could connect to the proxy via SSL and it'd relay an encrypted stream to me.  Am I overlooking any other possibilities?
Logged

alexvas

  • Level 1 Member
  • *
  • Posts: 17
    • tinyCam Monitor
Re: Encrypt the stream? SSL support?
« Reply #1 on: March 15, 2012, 04:25:23 AM »

Hi,

 I'm the author of tinyCam Monitor PRO. The app supports self signed and invalid (e.g. expired) SSL certificates. Please give me a temp access to your camera via contact form. I will check what the problem is.

  tinyCam Monitor PRO also supports digest authentication. In this case your credentials are being sent in encrypted way even via HTTP. Go in Camera Settings -> Advanced settings and switch on "Password encryption". Please note that not all cameras support digest authentication.

Best regards,
Alex.
Logged
tinyCam Monitor - complete solution for mobile surveillance for Android, BB10, and Google TV with D-Link cameras support.
Baby Monitor for IP Camera - keep an eye on your babies using D-Link cameras for iPhone, iPad.

jdubin

  • Level 1 Member
  • *
  • Posts: 6
Re: Encrypt the stream? SSL support?
« Reply #2 on: March 16, 2012, 11:47:02 AM »

I certainly didn't mean to imply that I am unhappy with tinyCam -- in fact, I think it's a GREAT app, highly recommended.  It's the camera I'm disappointed in. 

Thanks for offering to take a look!  I'll contact you shortly.
Logged

three_jeeps

  • Level 2 Member
  • **
  • Posts: 44
Re: Encrypt the stream? SSL support?
« Reply #3 on: April 14, 2012, 08:12:32 PM »

I am wondering if this issue is resolved?  I configured my 930L for port 8443, and from what I can see, I connect with both Firefox and IE with no problem.  Am I missing something?
-J
Logged

jdubin

  • Level 1 Member
  • *
  • Posts: 6
Re: Encrypt the stream? SSL support?
« Reply #4 on: April 15, 2012, 10:24:01 PM »

My understanding is that you won't be 100% safe, but it will "work" via IE/Firefox as long as you tell the browser to ignore the invalid certificate. 

The reason I question this setup is because I'm unsure how the 930L handles the certificate.  Is the certificate embedded in the firmware and generic among all 930L's?  If that's the case, someone who wants "in" can download the firmware from DLink, extract the certificate, and decode captured packets using that cert - revealing your password and streaming audio/video.  On the other hand, if the certificate is uniquely generated for each device (e.g. at first boot, during the firmware upgrade process, etc.), it'd be a LOT harder to sniff and decode your traffic. 

I anticipate folks chiming in and saying that I'm being overly concerned... but all it would take is one creep capturing packets as I check the camera via public wi-fi.  Armed with a few simple tools, that person would then have access to that cam.  No big deal if you're using it to shoot a pic of your parking lot... but it is a big deal if you're using it in, say, your home office, or anywhere you're having a private conversation.
Logged

jdubin

  • Level 1 Member
  • *
  • Posts: 6
Re: Encrypt the stream? SSL support?
« Reply #5 on: May 03, 2012, 09:28:11 AM »

For what it's worth, getting the private key is straightforward.  I was then able to decrypt the traffic using wireshark. 

That doesn't change the fact that I still can't get tinyCam to work with this camera via SSL.  Alex, if you're still lurking around here, could you PM me with an email address I can use to get in touch with you directly?  I tried to contact you via your website a while back, but I never received a response.  Thanks!
Logged