Why should we care about it?

Well, for many reasons we deploy webcams at home. For me, I deployed one webcam above my baby's crib cause he prefers sleeping alone and we don't want to annoy him while checking if he sleeps well or not.

But nowadays webcams are 'fancy' compared to the ones I bought 2 years ago. They are 'fancy' because you can visit from your office or even the other side of the earth as long as you have internet access. So bad guys can also peek your home via the internet.

I experienced several times when I found someone controlling my webcam's pan-tilt at midnight, simply with the bold purpose of finding something interesting. And I realized that my home is invaded. So I changed my password, and it dose not help. Soon another invader came.

Is there a solution? The answer is yes. And the only solution is to entirely isolate your webcam from the internet with the cost that you can only visit from home.

But if you don't connect your webcam to the internet, this 'modern' and 'fancy' webcam will not work when using their provided ios app.

Firstly let's guess how they should work.

  1. Webcam powers on. It connects to remote server (provided by web cam company), registers its unique ID, password, IP address and port. When you want to get video stream from your web cam, you simply provide the ID and password, the server will direct you connect to that IP and port. The company's server definitely will not tranfer video streaming as it will be super expensive for them to set up such server and meet huge customers' demand.
  2. The anwser is in the registered IP address. I guess your webcam reported two IPs. One is the outer IP or gate way that you got from your ISP. This IP can be visited from internet. The other one is the inner IP of your home's NAT, for example, the one starts with '192.168.1....' managed in your wireless router. In that way, if the app detects you visitting from your inner home network, it will direct you connecting this inner IP address.
  3. Also, if the app detects you visiting from internet, it will direct you connecting using the outer IP.
  4. So the solution is blocking internet visitors invading from this outer IP while firstly allowing webcam register this inner IP.

Let's do some experiments to verify our guess:

    1. Firstly, we power on our webcam as usual. Let it have access to the internet. Wait for a while, check the mobile app and we can see the video stream.
    1. Now, let's block this webcam in our router's admin page. Firstly, we search connected devices:<br/>
      search connected devices<br/>
    2. Copy the MAC address, pasted in Blocked Device List:<br/>
      Blocked Device List

    <br/>

    1. Save changes. And,done. Remember no need to reboot your webcam.

    Sometimes after a month, you can't visit the webcam anymore due to the lost of registration info in the remote server. All you need to do is to repeat to above mentioned steps.

    Following the same rule, another solution is to block the port forwarding. But for now it's fine.

    Enjoy a safer home now!