Analyzing Security of a Video Doorbell

What level of security does a video doorbell offer? Let's take a look.

by Christopher Lamb · Nov. 28, 18 · Analysis

In my last article, I found that some unknown device has a group of interesting services, including what seems to be an emergency alert service running on port 80, RPC running on port 111, and ZeroMQ running on port 5555. Let's see if we can narrow down the devices a bit more.

My network is interesting in some ways: I live in an adobe house, and adobe is about as transparent to radio as lead. So, I have a bunch of additional access points scattered throughout the house. When I scan my 192.168.1.0/24 range, I'm able to see all the devices on my network, as I've configured my access points to pass through authentication and DHCP to my primary router. My primary router doesn't seem to know everything that's running on that subnet, though, as it thinks I only have 11 devices attached. Nmap tells me otherwise: it's able to scan 15 hosts. Something to note here is that you might have more on your networks than you think if you're using extenders as I do. From looking at the device map, it seems that my primary router doesn't know what's running behind the various extenders (in some cases at least).

I also have multiple IP addresses associated with the same MAC address. In these cases, it seems that the IP addresses tied to the same MAC address are behind one of my extenders or access points:

# Nmap 7.70 scan initiated Sat Nov 17 08:51:45 2018 as: nmap -sn -oA probe 192.168.1.*
Nmap scan report for picklehead (192.168.1.1)
Host is up (0.0024s latency).
MAC Address: 48:F8:B3:E5:BA:04 (Cisco-Linksys)
Nmap scan report for hedwig (192.168.1.101)
Host is up (0.089s latency).
MAC Address: 24:A0:74:F2:F6:76 (Apple)
Nmap scan report for errol (192.168.1.103)
Host is up (0.089s latency).
MAC Address: B8:E8:56:38:7A:74 (Apple)
Nmap scan report for RE7000-02D (192.168.1.107)
Host is up (0.027s latency).
MAC Address: 26:F5:A2:08:D0:30 (Unknown)
Nmap scan report for RE7000-031 (192.168.1.112)
Host is up (0.0030s latency).
MAC Address: 24:F5:A2:38:D0:31 (Belkin International)
Nmap scan report for 192.168.1.116
Host is up (0.0054s latency).
MAC Address: 24:F5:A2:03:DF:A6 (Belkin International)
Nmap scan report for DIRECTV-HR54-7D402CBE (192.168.1.120)
Host is up (0.088s latency).
MAC Address: 26:F5:A2:08:D0:30 (Unknown)
Nmap scan report for ChloesIperatice (192.168.1.122)
Host is up (0.14s latency).
MAC Address: B8:17:C2:02:5D:DF (Apple)
Nmap scan report for 192.168.1.128
Host is up (0.075s latency).
MAC Address: 26:F5:A2:08:D0:30 (Unknown)
Nmap scan report for 192.168.1.131
Host is up (0.15s latency).
MAC Address: 26:F5:A2:08:D0:30 (Unknown)
Nmap scan report for ChloesIleDevice (192.168.1.135)
Host is up (0.14s latency).
MAC Address: 00:56:CD:39:E6:76 (Apple)
Nmap scan report for HPEC8EB5190708 (192.168.1.138)
Host is up (0.075s latency).
MAC Address: EC:8E:B5:19:07:08 (Hewlett Packard)
Nmap scan report for TSVE0affa3 (192.168.1.147)
Host is up (0.0035s latency).
MAC Address: B8:2C:A0:0A:FF:A3 (Honeywell HomMed)
Nmap scan report for durga (192.168.1.134)
Host is up.
# Nmap done at Sat Nov 17 08:51:51 2018 -- 256 IP addresses (14 hosts up) scanned in 5.14 seconds


You can see the common MAC address 26:F5:A2:08:D0:30 associated with a DirecTV device, two of the unidentified devices, and the RE7000-02D device. It just so happens that the RE7000 is a Linksys range extender, and it's the range extender that I'm using in the room where the TV, DirecTV box, and doorbell equipment are (I also have one of those nifty Ring video doorbells). At this point, it seems that two of the mystery devices are my doorbell (at .128) and my doorbell base station (at .131).
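
The grouping described above can be done mechanically rather than by eye. This is an added example, not code from the original article: it parses an excerpt of the scan output, groups IP addresses by the MAC they answered with, and checks the locally administered bit of each shared MAC. The function names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the `nmap -sn` output shown above (four of the hosts plus the scanner).
SCAN = """\
Nmap scan report for RE7000-02D (192.168.1.107)
Host is up (0.027s latency).
MAC Address: 26:F5:A2:08:D0:30 (Unknown)
Nmap scan report for RE7000-031 (192.168.1.112)
Host is up (0.0030s latency).
MAC Address: 24:F5:A2:38:D0:31 (Belkin International)
Nmap scan report for 192.168.1.128
Host is up (0.075s latency).
MAC Address: 26:F5:A2:08:D0:30 (Unknown)
Nmap scan report for 192.168.1.131
Host is up (0.15s latency).
MAC Address: 26:F5:A2:08:D0:30 (Unknown)
Nmap scan report for durga (192.168.1.134)
Host is up.
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+\.\d+\.\d+\.\d+)\)?$")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17}) \((.*)\)$")

def parse_hosts(text):
    """Return one dict per host; mac stays None when Nmap printed no MAC line."""
    hosts = []
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            hosts.append({"name": m.group(1), "ip": m.group(2), "mac": None, "vendor": None})
        elif (m := MAC_RE.match(line)) and hosts:
            hosts[-1]["mac"], hosts[-1]["vendor"] = m.group(1).upper(), m.group(2)
    return hosts

def shared_macs(hosts):
    """Map each MAC seen on more than one IP to the hosts that answered with it."""
    by_mac = defaultdict(list)
    for h in hosts:
        if h["mac"]:
            by_mac[h["mac"]].append(h)
    return {mac: hs for mac, hs in by_mac.items() if len(hs) > 1}

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a MAC that is not a vendor-assigned address."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

if __name__ == "__main__":
    for mac, hs in shared_macs(parse_hosts(SCAN)).items():
        print(mac, is_locally_administered(mac), [h["ip"] for h in hs])
```

On this excerpt, 26:F5:A2:08:D0:30 is reported for three IPs and has the locally administered bit set, consistent with Nmap listing its vendor as Unknown; it differs from the Belkin prefix 24:F5:A2 only in that bit.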

I'm still interested in the traffic between the two and from the base station out to various Ring servers, especially as my doorbell has a video camera. Let's start to dig into that next. Stay tuned!
