I bought an used IP security camera on eBay, I dont know who was the previous owner. I've always thought that we can't trust 100% any firmwares/OSes that were been installed or used by someone else. We can't tell if it has been altered with malware and or spywares. Is it a recommanded practice to reflash the stock firmware on the camera before use, according to the fact that most of these devices don't have SecureBoot ?
Asked
Active
Viewed 169 times
1
-
1If you're thinking about putting an IP security camera accessible on the internet (even with secure u/p), I wouldn't unless you can show it's not horribly insecure. See my previous answer on IP security cameras: https://security.stackexchange.com/questions/79642/is-it-bad-to-have-cameras-using-a-static-ip-address/79651#79651 – Steve Sether Nov 15 '19 at 17:05
-
1The odds of the last user installing malicious malware are much lower than the odds that the person who built it simply did a poor job building security into it. It's all about the risk analysis – Conor Mancone Nov 15 '19 at 17:41
-
The camera I installed isn't exposed on Internet, it only works on my local network. I'm still uncertain about if the previous owner could have installed a modified code with malwares and or spywares. Even if the camera is only used internally, it would still be possible for a skilled attacker to append some code that would let the camera send or receive commands from a remote server ? – pmbonneau Nov 15 '19 at 20:02