I’ve done a few videos on home security cameras but other than the obvious hackability and repurposability we haven’t really talked about why you would want to hack your camera and still use it as a camera. Well let’s do this!

 

Hey guys its josh with the WL Tech Blog, welcome to another video. Today we’re talking about ip cameras and why you want to hack them with custom firmware. Before we get started I want to just say that there are a lot of brands of this sort of gear, Amazon has Ring, Google has Nest, there’s Wyze, there’s Wansview, theres dozens even hundreds of brands of this stuff, and in my opinion they all have the same flaws.

 

Reason 1: It’s Fun

 

This one is kind of self explanatory. If you’re interested in electronics, hardware hacking, little linux boxes and things like that, putting your own custom firmware on a camera is a really fun experience and a great step to more complex shenanigans. Plus, if you’re still learning the basics like soldering, flashing firmware, and connecting to UARTs, you’ll be a pro in no time. And when you’re done you’ve got a little linux box with interesting and useful features to use for your own purposes and experiments. If you’ve been on my channel before I’ve got several videos on hacking cameras and there are multiple cameras on my desk being hacked as I write this, so if you’re in this for fun make sure to subscribe so you don’t miss those!

 

Reason 2: It’s cheaper

 

All of these cameras share a similar business model.. You buy a camera that’s relatively affordable, and then you pay a subscription every month for it to do anything useful. Storing your video recordings on the cloud, making them available to you from an app, these can sound like nice features but they’re not free and can become quite expensive. As an example, Amazon’s basic Ring service for 2 more more cameras will run you a hundred bucks a year. Now I will be fair to them, there may be some level of convenience that makes their subscription sound worthwhile, but cost isn’t the only downside you need to be aware of. All of the features they offer with their subscription are also available in open source, self hosted alternatives, and we’re about to talk about why you want them.

 

Reason 3: You want to use your cameras in ways the manufacturer doesn’t support

 

These cheap security cameras are really one trick ponies, but they don’t have to be. Many brands don’t even support local storage of videos, forcing you to use their cloud product. And maybe you have exciting uses in mind, like re-purposing the camera for a low latency live video feed for flying a rc model in first person view. You bought the camera, you own it, and you should be able to use it for whatever purposes you want. 

 

Reason 4: It’s YOUR data, right?

 

So now we’re getting into the less consumer friendly aspects of commercial camera solutions. It’s well documented, and this is not limited to one vendor, that the service providers will use your camera footage for purposes you would rather they didn’t. Even without being specifically nefarious, there are countless examples of camera service providers disclosing video to third parties, including law enforcement, voluntarily and without a warrant. While the companies generally claim that the need must be exceptional before providing it, they are also intentionally vague about what constitutes being exceptional. This is no conspiracy theory, the companies have admitted doing so. I’ll link a few articles below but let me quote this one from the EFF:

Before this latest admission, Ring has faced other controversies about the way it facilitates police access to user footage. Ring had enabled police to send bulk requests directly to many device owners over a large area. Police did so at a staggering level: in  2020, for example, police requested videos over 20,000 times. In 2021, however, Ring caved to activist pressure and changed how police send requests, requiring them to publicly post them to the Neighbors app, which shed important light on these requests.

 

And another from Consumer Reports:

 

“Nobody is telling Amazon, Google, Eufy, and others that they’re required to share user video with law enforcement,” says Anna Bonesteel, strategic response manager for the privacy advocacy group Fight for the Future. “The federal law cited by Google states that companies ‘may’ disclose customer records without permission. It doesn’t say they ‘must.’”

“But these companies are giving up private video to the police anyway—without a warrant, without permission, and without notification,” they added.

In addition to the video footage, these cameras are able to record audio conversations clearly up to 25 feet away, potentially recording the private conversations of neighbors and passers-by.

And this is one of the common problems we have with cloud services, the blurred line of who owns and has rights to your data. If your cameras were recording directly to your own storage system in your own home, third party access would not be possible without consent or at least physical possession of the devices. If police wanted access to your cameras or recordings for an investigation, they would need to ask you for it politely or show up with a warrant. You expect a certain level of privacy within your own home but the reality is when you invite a third party in, and that’s exactly what you’re doing with these cameras, that expectation no longer holds. And that brings us to the next point.

 

Reason 5: Holy Crap Is This Real?

 

Honestly I have to significantly censor this subject because the reality is not youtube friendly… There are some other videos that may go a bit deeper on this but my channel is purposely family friendly and so we have to dance around it a bit. But let’s get right to the point: if you put a camera up and that camera is sending video to a third party, there is no expectation of privacy.  Lots of people are adding security cameras to the outside of their home, but a huge number are adding them to the inside as well. You might love the idea of a baby monitor you can watch while at work, but what if you weren’t the only one able to watch it? What about a security camera in your living room? In your bedroom? In your bathroom? These are all common placements for cameras, and there are way too many stories about both employees of security camera service companies and their subcontractors but also hackers obtaining unauthorized access to the devices and viewing or recording personal, intimate, and otherwise private footage from customers’ devices and their families, including their children. I’m not going to go into any more detail on  this topic in this video but I will have a few related links below where you can get more information and suffice to say that the worst things that you can think up are exactly the sort of things that have happened. 

So now what?

 

Now of course I can’t tell you all the bad things without offering up some solutions, otherwise I’d just be an old man yelling at clouds. So I’m a big fan of free and open source software, and I’d only recommend closed source stuff when there is just no alternative. So let me introduce you to OpenIPC. OpenIPC is a mostly open source firmware alternative for many IP cameras, that frees your camera from the shackles of the manufacturer. OpenIPC is a Linux based firmware that provides basically all the features you need from your cameras, including multiple push and pull methods to access the stream. I say mostly open source as there is one piece of it that sadly is not, the program that actually pulls the stream from the camera and serves it up in whichever format. Alternatives are being created but as of today there is no reasonable alternative.

 

With OpenIPC you can integrate your cameras with any media software that supports its standard stream formats, including a list of desktop and web based applications, both free and open source as well as some proprietary options. 

 

I’ll talk more about some of these options in the next video where we actually set up and use our own solution with just open source and self hosted software, so make sure to subscribe to take that next step with me. There’s even some custom software development we’re gonna do to make sure we’re not leaving features on the table when rolling our own solutions.

 

In my first hardware hacking video, we took a cheap $10 webcam and turned it into an openipc camera with a usb wifi adapter and I’m still having a lot of fun with that one, but I’m also modifying a bunch of different IP cameras from amazon, ebay, and thrift stores. Some are easier than others and I hope to be able to share a beginner friendly option for everyone who wants to get into the hobby or who just wants to escape all the problems we discussed here by deploying their own solution.

 

Well that’s it for this video. Make sure to subscribe to continue the series with me. Also, If you’re a fan of tech projects, hardware hacking, and little linux boxes, come check us out at discord, link below. We’ve even developed our own single board computer based on the MIPS architecture we call the teacup tinkerboard. Have a great week and we’ll see you next Friday!