“Gettin’ Digoo with it” pt1

Recently Amazon.co.jp had a sale on a Digoo BB-M1X  from 4999 to 3999. It ticked all the boxes at a price point that seemed good if said boxes were ticked and included Prime delivery

vpw0ogIXR3C4._UX970_TTW_I’m not quite sure what they are going for with the slogan there #lostintranslation

  • MOTION DETECTION: As this is my 5th IP camera I am quite aware that any motion detection will most likely be terrible it was still something I wanted for the moment before I install Zoneminder in a Freenas jail, or get another solution.
  • MICRO SD SLOT: Self explanatory, however my earlier IP cams didn’t come with any.
  • Over 720p: This will for the moment serve to observe the front of the house. I would like to get a good view of the cars and faces of the numerous people coming to our door. (Yamato, Sagawa, Japan post, suspicious water people, nosy neighbours)
  • NIGHTTIME InFRARED: Same as above
  • RJ-45: This was important as I had tried out some cameras before which didn’t have a physical network port and they all relied far too heavily on the cloud for everything. My reasoning goes that if there is no RJ45 Manufacturers will make the install as simple and thus (insecure) as possible.
  • ONVIF: With my recent interest in Home Assistant HASS.io I wanted this camera to be ONVIF ready and compatible. Which is clearly stated.

Camera test connected to a network. There is no http port to connect to for setup. You are forced to use the app. I hate doing that as I have to my wifi password, for the moment I had created a temporary SSID with a spare Buffalo with DD-WRT and temporary password on a different subnet.

Doing so allowed me to get the wired and WIFI Mac addresses to assign static IP addresses in PFSENSE to then completely block the IP camera’s access to the internet.
One peculiarity was that FING found the mac addresses and resolved them with different company names. A minor thing most likely (part availability) but note worthy to me.

IMG_5803

A more worrying issue that FING found was the open telnet port which gives unprotected root access(more later)

img_5801.jpg

In the mean time I downloaded the app “DigooEye” downloaded and the Digoo BB-M1X setup, it started to connect to servers scattered all over the world.

224.0.0.22 IGMP protocol
47.89.254.156 Alibaba.com LLC
47.91.93.96  Alibaba.com LLC
47.96.176.66  AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
49.51.39.15 AS132203 Tencent Building, Kejizhongyi Avenue
54.255.195.121 AS16509 Amazon.com, Inc.
60.205.107.59 AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
101.132.102.253 Aliyun Computing Co., LTD
119.23.138.159 Aliyun Computing Co., LTD
120.77.174.43 Aliyun Computing Co., LTD
121.43.181.184 AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
123.206.9.74 AS45090 Shenzhen Tencent Computer Systems Company Limited

81ZpjGChlGL._SL1200_Is this what they are automatically doing? #connectingpeople

I’m not opposed to the idea that the camera connects to some servers if I knew why, but I do oppose this not being written anywhere and without explanation even when searching. In this day of facebook data mining scandal and over rampant data mining, why just give away more information for free, I prefer to keep my info my own.

The setup worked, the block worked. Re-setup the camera on my main network denying it internet access. Currently it sits on my network querying my router for DNS access at port 53. The other functions seem to work unlike a past experience with a terrible 180degree panoramic camera…

part 2…

2 thoughts on ““Gettin’ Digoo with it” pt1

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s