Security question
39 views
Skip to first unread message
Joseph Henley
Apr 5, 2024, 10:04:07 PMApr 5
to Camect User Forum
Hi,
I have my android tablet running the Camect app; it connects via my home wifi to the internet. I use the tablet app mostly at night to check the perimeter before going to sleep. [The wifi is a guest network on a private vlan. The tablet is on another guest network on a different vlan; and there is a firewall "hole" to allow the specific tablet to access the specific Camect hub.]
A couple of days ago, I was on vacation in another state and was checking my e-mail (Gmail). I absent-mindedly checked the Camect app and it worked. I could access the alerts and the active cameras. Clearly not a connection to my home wifi. How could this happen, and how do I prevent it in the future.
Might being logged into Goggle mail have provided the link? Any suggestions appreciated.
Joe Henley
I have my android tablet running the Camect app; it connects via my home wifi to the internet. I use the tablet app mostly at night to check the perimeter before going to sleep. [The wifi is a guest network on a private vlan. The tablet is on another guest network on a different vlan; and there is a firewall "hole" to allow the specific tablet to access the specific Camect hub.]
A couple of days ago, I was on vacation in another state and was checking my e-mail (Gmail). I absent-mindedly checked the Camect app and it worked. I could access the alerts and the active cameras. Clearly not a connection to my home wifi. How could this happen, and how do I prevent it in the future.
Might being logged into Goggle mail have provided the link? Any suggestions appreciated.
Joe Henley
Arup Mukherjee
Apr 5, 2024, 10:17:13 PMApr 5
to Joseph Henley, Camect User Forum
The app is designed to work from anywhere if the hub has outbound access to the internet. Most of the time, Webrtc can make a direct connection between the app and the hub, and if that fails it can fall back to sending an end-to-end encrypted data stream through a cloud relay.
There's no way for you to turn this off short of blocking access from the hub to the internet at your firewall -- but if you do that you'll have other problems too, e.g. the hub won't get software updates, and the time will not be kept up-to-date, etc. If you really want to, you can try limiting the range of ports used by outbound webrtc connections (which you can specify in settings > show advanced settings) and then have your firewall block traffic on those ports. Use the highest part of the range to avoid conflicts with other services.
A better approach, if you're comfortable with still having remote access under some conditions, might be to instead set an "extra password" on your account, in the users tab. That password is kept only on your hub, and is never sent off the hub ... It will be required for all accesses, and there's no way that anyone else other than you could know it.
--
You received this message because you are subscribed to the Google Groups "Camect User Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to forum+un...@camect.com.
To view this discussion on the web visit https://groups.google.com/a/camect.com/d/msgid/forum/c07f5a96-9bba-4b6b-a75e-9c722f3518e8%40gmail.com.
Reply all
Reply to author
Forward
0 new messages