Amcrest products and KRACK vulnerability

wekebu
Posts: 3
Joined: Tue Mar 21, 2017 9:42 am

Re: Amcrest products and KRACK vulnerability

Post by wekebu »

Neptune wrote: Just looking at Amazon I have found Amcrest cameras as high as $775 and Arlo cameras as low as $84. So, there is definitely an overlap in the price range. Netgear has stated they will be patching the Arlo cameras automatically. I don't own one, so I cannot tell you if they have pushed the update yet or not. If they have patched it, yeah, I would be better off in this regard. I do not care to have an Arlo camera though.
I haven't looked at them, but your post makes me want to purchase Arlo cameras. I have a Netgear router, about 2 years+ old right now and they've done a great job of keeping it up-to-date. Why don't you care to have an Arlo?
Edit: my apologies, didn't want to hijack the conversation. Please ignore, I'll go look at them.
rdkls
Posts: 13
Joined: Tue Oct 17, 2017 11:08 am

Re: Amcrest products and KRACK vulnerability

Post by rdkls »

@Neptune, t84a's whole debate platform is pure conjecture; (s)he has shown that (s)he doesn't fully (or isn't willing to) understand or accept the risk/flaw at hand. Because I appreciate reciprocation, I typically try to be helpful; that being said, I pump the brakes when I sense close-mindedness.
rdkls wrote: ...those of us with our heads on straight, that understand the history and implications of not only the risk/flaw at hand, but also understand Amcrest's history and supposed mission statement... well, we do care...
Neptune
Posts: 13
Joined: Mon Oct 16, 2017 4:41 pm

Re: Amcrest products and KRACK vulnerability

Post by Neptune »

@rdkls, thank you. I appreciate you chiming in to share your knowledge and concern, as well as pointing out conjecture where you see it. Looking at posts of t84a in other threads, I get the impression that they are usually trying to be helpful to this forum and that is great. However, in this thread they have been dismissive of the concern, and worse, quoting legitimate source material while at the same time ignoring the context and implications of the issue at hand. I do not want someone else reading the thread to get the wrong impression about this vulnerability, nor do I want Amcrest to think that it is okay to ignore this just because some other companies have not yet addressed it or someone said these cameras are less vulnerable to this issue than they are.
InspectorMonkfish
Posts: 2
Joined: Fri Oct 27, 2017 6:12 am

Re: Amcrest products and KRACK vulnerability

Post by InspectorMonkfish »

So in layman’s terms, what is the state of play here?

Unless I have missed something, it seems Amcrest are failing to acknowledge the need to address the issue? If this is the case it’s highly irresponsible for a company selling security equipment that is open to compromise. We have four cameras and I’m wondering whether we should write off the cost and buy from a more competent supplier.
rdkls
Posts: 13
Joined: Tue Oct 17, 2017 11:08 am

Re: Amcrest products and KRACK vulnerability

Post by rdkls »

For the time being, I have removed Amcrest from my offering for the smaller environments that I work with who absolutely require wireless IP cameras (PoE is a far more secure solution). I have also strongly suggested that admins in these environments disable the wireless function on these cameras where possible.

While I'm not a big fish in terms of revenue generation for Amcrest (they won't lose sleep over this), it's not looking good for them (Amcrest) making it back into that offering line-up on my end. The lack of acknowledgement/disclosure was a bit of a nail in the coffin for me.
entresec
Posts: 6
Joined: Fri Oct 27, 2017 11:47 am

Re: Amcrest products and KRACK vulnerability

Post by entresec »

I registered on the forum specifically for this issue. As others have said, this is a huge security issue that needs addressing asap. When can we get a "date for a date" meaning when will Amcrest let us know their stance on this issue and what models are being patched if applicable?

I'm currently in a build out of my smart home, to include security cameras. I own one Amcrest camera today with at least two more purchases waiting. I will not be purchasing Amcrest products until a more formal response to this issue is posted.
InspectorMonkfish
Posts: 2
Joined: Fri Oct 27, 2017 6:12 am

Re: Amcrest products and KRACK vulnerability

Post by InspectorMonkfish »

Thanks for the replies. I do think this is where we part ways. Apart from the quality of the recordings I have not had a single good experience with these blasted cameras and I begrudge supporting a company that is either clueless or careless when it comes to their products' security. Frankly their cameras appear in no better shape than some useless and crappy IoT device like a wireless door handle from a two-bit back street company that ships with a default admin/admin config.
sashk
Posts: 7
Joined: Sat Oct 14, 2017 6:32 am

Re: Amcrest products and KRACK vulnerability

Post by sashk »

Well, this is where I shut down the camera, put it into the trash can and start telling everyone to avoid forscam, amcrest and the rest of the gang as they failed to address the KRACK vulnerability.
markplewis
Posts: 45
Joined: Fri Sep 02, 2016 12:41 pm

Re: Amcrest products and KRACK vulnerability

Post by markplewis »

Anyone who expects Amcrest to address this issue in a timely manner is very, very high. And the person who described Amcrest as "a security-centric company" practically made me blow coffee out of my nose.

Amcrest is a poorly-run organization that's without mature software development methodologies and routinely makes promises they have no intention (or the ability) of keeping. When they do release firmware updates, they're fraught with bugs and often break more than they fix. If you are truly concerned with KRACK, I sincerely suggest you replace every Amcrest product in your home with something from a reputable manufacturer. Amcrest will NEVER fix the KRACK vulnerability. Hell, despite constant user outrage, it's been more than two years and we're still required to use plug-ins to view and configure our cameras when using the most popular browsers in the world. Sorry guys, you're being hopelessly naive if you expect Amcrest to do the right thing here. They won't. Ever.
rdkls
Posts: 13
Joined: Tue Oct 17, 2017 11:08 am

Re: Amcrest products and KRACK vulnerability

Post by rdkls »

@markplewis my statements regarding them being a security-centric company were merely a deduction of their supposed mission statement that I wrongly took at face value. It was said to imply that the type of behavior they're exhibiting is a bit of a joke for a company who touts their security measures, especially after their history with the Foscam product.

We're on the same wavelength.
Locked