QC444 Crap

Posted this on Yahoo on how bad the QC444 DVR is

 http://tech.groups.yahoo.com/group/q_see_hack/message/100


Sorry guys, I know some of you may like your product, but I need to air out some
concerns.

Nowhere in the manual (latest one I downloaded at least) does this say this is
a security camera. The word security is mentioned twice, once on some blurb
regarding encryption and another regarding other products that are security
cameras. I mention this first because there is a lot of irony if this was a
security product.

First is the telnet issue, telnet as root with no password? This is the biggest
crime of all. But for all you modders (was going to use "hackers" but may be
interpreted as the bad type) it's cool 'cause it gives you root access.

Second ActiveX? Really? So I am forced to use IE, but in all fairness there are
some reports that IE9 is more secure than it used to be.

Third, can't run IE9 unless you update the firmware. How cool is that, also you
get UPNP with that brand spanking new firmware.

Fourth UPNP, sure it makes port forwarding easy, too easy, do you know to limit
IP addresses you trust? Because....

Five, you know those credentials you use to access your DVR... clear text, don't
believe me? Run wireshark and look at your port 37777 traffic when you connect
to view your camera, your creds are being passed cleartext.

Six, passwords don't matter 'cause PSS can't use more than 7 characters anyway.
But that nice web interface can.

Seven, a port scan shows TCP port 554 open. That's RTSP, why no documentation
on it? But it is open.

Eight, this may have been just my system before I updated the firmware, but why
the heck did it think its IP address was 170.151.24.203 at one point... I
googled "170.151.24.203 dvr", I'll let you guys read it, was this software
produced in Minnesota?

I've removed the port forwarding for this device on the internet, I recommend
you folks do so as well.

It works well on the LAN, make sure you have egress filters, who knows, this
device may be talking to the mothership.

Finally
Wonder why email was broken on this thing, was one of your reactions to open up
this device to the Internet?
Why no SDK so the community can write their own stuff?
Why no source for Linux code on this box, aren't companies sued for GPL
infractions?
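
An added example, not part of the original post: one way to check whether UPnP has quietly forwarded the DVR to the Internet is to audit the router's port-mapping list for entries pointing at the DVR. It assumes the listing is in the format printed by miniupnpc's `upnpc -l`; the DVR address `192.168.1.108`, the sample listing and the function name are constructed for illustration, and 23 is the standard telnet port (the post gives no number).

```python
import re

# Services named in the post, keyed by the DVR-side port.
RISKY_PORTS = {
    23: "telnet (root with no password, per the post)",
    554: "RTSP (undocumented, per the post)",
    37777: "DVR client port (cleartext credentials, per the post)",
}

# One mapping line in `upnpc -l` style:
#  0 TCP 37777->192.168.1.108:37777 'DVR' '' 0
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->(?P<ip>[\d.]+):(?P<int>\d+)"
    r"\s+'(?P<desc>[^']*)'\s+'(?P<remote>[^']*)'"
)

def audit_mappings(listing, dvr_ip):
    """Return (proto, ext_port, int_port, service, any_source) for each
    port mapping that forwards Internet traffic to the DVR."""
    findings = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if not m or m["ip"] != dvr_ip:
            continue  # header line, or a mapping for another host
        int_port = int(m["int"])
        service = RISKY_PORTS.get(int_port, "other")
        # An empty remoteHost means any Internet address may connect.
        any_source = m["remote"] == ""
        findings.append((m["proto"], int(m["ext"]), int_port, service, any_source))
    return findings

# Constructed sample listing (not captured from a real router).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 37777->192.168.1.108:37777 'DVR' '' 0
 1 TCP  8554->192.168.1.108:554   'DVR' '' 0
 2 UDP 51413->192.168.1.20:51413  'torrent' '' 0
 3 TCP  2323->192.168.1.108:23    'DVR' '203.0.113.7' 0
"""

if __name__ == "__main__":
    for proto, ext, internal, service, any_source in audit_mappings(SAMPLE, "192.168.1.108"):
        scope = "ANY source" if any_source else "restricted source"
        print(f"{proto} {ext} -> DVR:{internal}  {service}  [{scope}]")
```

Any mapping this reports is a forward to remove on the router; the external port number can differ from the DVR-side port, which is why the check keys on the internal address and port.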
