| ⚠ Note | This is an unofficial security statement not endorsed by the manufacturer. |
|---|
Security statement for IPC360 (IP camera).
Security statements are descriptions of the security posture of IoT devices or products. For more information on security statements and relevant tools, see the Toolsaf framework.
Once you have set up Toolsaf, you can run the statement with:
python ipc360/statement.pyThe IPC360 is a camera with an Internet connection. Its video and audio feed can be accessed using the companion mobile application.
Fig. The IPC360
The companion mobile application can be found here.
Toolsaf creates the following visualization for the statement:
An nmap scan performed on the device found the following ports:
| Protocol | ID | State |
|---|---|---|
| TCP | 23456 | Open |
| TCP | 34567 | Open |
The device and/or mobile application connect to these backends:
| Host | URL / IP |
|---|---|
| Tencent QQ | cgi.connect.qq.com |
| App Int | appint.ipc365.com |
| AWS | frelb-tcp-1c40d93052274680.elb.eu-central-1.amazonaws.com, ec2-18-196-115-101.eu-central-1.compute.amazonaws.com |
| Pangolin16 / Akamai | pangolin16.isnssdk.com, a387.b.akamai.net, e25691.a.akamaiedge.net |
| Time Service | time.nist.gov, ntp1.glb.nist.gov |
| RIPE NCC | ns3139115.ip-54-38-93.eu |
A Shodan scan performed on App Int found a large number of vulnerabilities.
certmitm found issues in the TLS connections between the mobile application and App Int, as well as Akamai.
- This statement is likely incomplete.