nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

back to article
Which? That smart home camera? The one with the vulns? Really?

Silver badge

It's all relative

Seeing as the entire marketplace is full of insecure products, in this case "best" probably just means "least bad".

15
6

Re: It's all relative

Are none of the smart home cameras on the market secure?

3
0
Silver badge

Re: It's all relative

Some are indeed very secure, if you unplug them, remove the batteries and bury them in concrete. And then chuck the concrete in a lake.

37
1

Re: It's all relative

There is likely one secure solution out there, in the cheaper price range.

It is called Raspberry Pi ZeroW + camera.

Closed source solutions are crap, I have them, but on independent VLAN, and with no Internet access.

We need more open source cams. Most chinese cams are running Linux anyway, so it would be trivial for the vendors to publish specs on the DSP and camera hardware, and thus let us create open firmware.

The first to do it would get lots of business, but likely would suffer from customers not upgrading their crap as fast.

12
0
Silver badge
Mushroom

Some are indeed very secure,

if you unplug them, remove the batteries and bury them in concrete.

Between the second and third step you left out chopping them up and incinerating the shards using thermite.

8
0
Silver badge

Re: Some are indeed very secure,

Apologies. Can I make up for that dangerous oversight by appending "Then take off and nuke the lake from orbit"?

8
0

common place

Sadly, this is common place with Which. I don't think I've seen them once take security into consideration with any of their evaluations or reviews of tech gear.

I don't want them to go full tinfoil hat, but it would be nice if they at least mentioned the downside to their members plugging their private life into a tech company's ecosystem. But each new potential data slurp and info leak gets an uncritical thumbs up.

It leaves me wondering what I'm missing in the other consumer goods they cover, but where I lack any expertise.

25
0
Silver badge

Re: common place

I gave up on Which? a long time ago (end of the 90s). I used to subscribe, but they started reporting on IT related products (and automotive) and there were such huge, glaring inaccuracies in what they were detailing, that I felt I couldn't trust them on anything.

And that was before we even got to the security aspects of products.

I felt, if I couldn't trust them for products that I know something about, how can I trust them on subjects I know nothing about?

29
0
Silver badge

Re: common place

I gave up on Which? a long time ago ... I felt, if I couldn't trust them for products that I know something about, how can I trust them on subjects I know nothing about?

Ditto. I recall a review of either ISPs or email providers and stated that spam wasn't a problem - when the only reason they didn't get spam was starting with a fresh address and making conclusions after just a week !

But yeah, in several areas where I had some knowledge, I couldn't help but call "bulls*t" to some of their statements.

10
0

Re: common place

Another Ditto? I found that if I read the Which forums, they were slating "Best Buy" products and recommending others. I got a very nice vacuum cleaner that way. But that taught me to take Which advice with a very large fist full of salt. I didn't even bother looking at the IT reviews to be honest.

2
0
Silver badge

Re: common place

From the Which website; "Which? test labs

Every product we test and score at Which? goes to our independent test labs to put be through its paces by qualified and experienced experts. This ensures that everything is tested fairly, impartially and consistently, so that we can continually offer the best advice to consumers."

It looks as though they need someone to test their testers.

Personally I have never been that impressed with a lot of their recommendations.

5
0
Silver badge

Re: common place

Indeed. Long, long ago I used to read Which? reports with lots of interest as a great source of information. Then I read one or two reports into subjects where I had some expertise, and saw a different side.

Basically, a lot of what's there is "how happy are the owners with a product"? That leaves a situation where owners of a cheap product take the view "yeah, it's fine, does the job, I'm satisfied", whereas those who take a serious interest in a subject and buy top-end gear remain sensitive to its flaws.

The importance attached to security would seem still to be something that depends heavily on ones perspective, so IT practitioners differ radically from Joe Public. Some journos are working on that divide, but I guess they still have a way to go.

Has anyone (here) studied the actual vulnerabilities under discussion, and where they fall on a scale of hypothetical to easily exploitable by a stranger?

3
1
Silver badge

Re: common place

"I gave up on Which? a long time ago (end of the 90s)."

I gave up before then when they recommended as a learner motorbike a Kawasaki with brakes totally inadequate for the speeds it could reach and with somewhat limited turning abilities. It could at least have reduced the number of motorcyclists on the road, but I don't think that was the intention.

2
0
Silver badge

Re: common place

I use them outside the building, never inside so I'm less concerned about the vulnerabilities - realistically, if you use a cheap security camera (best value for money - LOL) I don't think you have any right to expect a well designed and secure product.

0
5
Anonymous Coward

Re: common place

....Kawasaki with brakes totally inadequate for the speeds it could reach and with somewhat limited turning abilities.... - I brought a donkey like that once.

2
0
Silver badge

Re: common place

@Version 1.0 - I take it those outside cameras are on a separate network then and not able to be used as a breach head for taking over your internal network.

Someone p4wning the camera and watching you is the least of the problems you have with such devices.

2
0

Re: common place

>I use them outside the building, never inside so I'm less concerned about the vulnerabilities

Are they connected to your network, by any chance...???

0
0
Silver badge

Re: common place - I brought a donkey like that once.

But did you buy it as a result of a review in Which?

0
0
Silver badge
FAIL

"Our rigorous testing programme . . ."

Was established by Sir Mortimer Lefancy in 1867, based on approved journalistic reviews of the time. We make it evolve continuously, once per geological epoch.

Come on guys, if you can't be bothered to Google, don't go pulling a "we value our customer's privacy" shit.

You didn't, and you don't have a clue.

End of.

23
0

"Which? found a minor privacy concern with this device at the time of testing more than two years ago"

They use security testing from 2 years ago?

10
1
Silver badge
Trollface

"Which! - where environmental consciousness runs so deep we even recycle our own reviews! Also? FYI, your security is none of our bloody concern, sucker!"

9
1
Silver badge

Which iT related reviews

Have always been poor.

They are probably fine for reviews of (non IoT) fridges, washing machines etc. but anything with a decent "IT" component then reviews are worth treating with a pinch of salt (by pinch, I mean an amount worthy of daily production of a salt mine)

10
0
Silver badge

Re: Which ${subject-I-know-about} related reviews

Fixed your title for you. If your expertise lay elsewhere, you'd see similar issues with their reviews of something else.

1
0

Which don't seem to pay much attention to their members feedback either. I've had problems with both an induction hob and an electric blanket that I bought because they were recommended. Afterwards, in each case, I found lots of member comments who had encountered the same problem. But the which recommendations still stood, for years in the case of the hob.

So are there any good security cameras or reviews of them?

9
0
Stop

no.

0
1

Readers reviews Which? has killed them all

Employing outside labs they have no expertise. subscribers provided the long-term in use drawbacks which often would be very helpful.

As of last week they were allwiped

2
0
Silver badge

"So are there any good security cameras"

There are plenty, but none of them are ones that connect directly to the internet. Honestly, though, that's what you want. From a security point of view, better to have your cameras talking directly to a computer on your premises, which does the video storage, etc. You can then use software on your computer to make the video stream available over the internet if that's something you really want.

0
0

Normal for Which!

Anyone with a bit of actual knowledge and experience can always find flaws in Which! recommendations

3
0
Mushroom

Minor flaw? Where?

"Which? found a minor privacy concern with this device..."

Where on earth did they find a "minor privacy concern"? All the flaws reported here were pretty much worst-case vulns (total stream takeover.) The only thing worse would be rooting the device. That is major, not minor.

So did they discover some more vulns, or did their spellchecker replace "major" with "minor"?

7
0
Anonymous Coward

"Experts" at Which? are just opinions with IT

Everyone else has already said it above. When Which? talk on an area that you know about yourself you then realise they are not always that on the ball. In the IT world especially.

What I find comical is that they use their subscribers to get most of this feedback. So they are asking people with experience of just the one item they bought and not someone who has experience of the market. Even a 20mins phone call with people like the Pen Test people would have lifted the quality of their reviews.

I know how bad their advice can be because they have asked *me* to provide opinions for them! I got my 30 seconds of TV fame by doing an interview on their behalf.

It is not just the dodgy webcams and IoT devices. You can see it in many other reviews. Read between the lines and you can see too much personal opinion in there.

They are great on some of their campaigns, and know how to run White Goods tests into the ground, but they need to know when they are outside of their own knowledge area.

Actually - that's a good point. I have been meaning to cancel my subscription for ages. This is a good nudge to go do that.

6
0

Which? reviews are usually best treated with a large pinch of salt

- and not just "IT" ones.

Years ago, I worked for <redacted> hifi manufacturer. We had two brands, cheap and reassuringly expensive. Each brand had a model of bookshelf speaker. Which included them in a "group test".

The expensive ones came top. the cheap ones bottom.

The products were internally identical, the only difference was case finish and trim.

Mind you, Which? was *still* better than the typical hifi mag review.

8
0
Joke

Re: Which? reviews are usually best treated with a large pinch of salt

Ah, but you presumably haven't taken into account the improved hi-frequency fidelity amplification designed into the superior speaker case trim, and the significant improvement to the lower registers from the more expensive case finish. It can make all the difference between exceptional sound and merely very good.

3
1
Silver badge

Which? bases best buys on a bag of criteria. The testing is apparently reliable on a criterion by criterion basis ( though IT doesn't sound great). But the weighting of these, things like ease of use, reliability, efficiency etc. is inevitably a subjective choice. You're going to end up with a judgement that trades security against lens quality. And so forth.

1
1
Silver badge

Which? bases best buys on a bag of criteria.

Having a pseudo auditable assessment criteria doesn't make the outcome any good. This month they're recommending as a "best buy" a £990 home coffee maker. And even then it only got 76% across their weighted criteria. Likewise, it busies itself reviewing hundred quid toasters, five hundred quid vacuum cleaners, and so on. Car reviews have been getting progressively more ambitious, including those popular-with-Which-rank-and-file models such as the Porsche Panamera, the Mercedes CLS, and the Tesla Model S.

When it comes to (say) energy, broadband or insurance, Which treats its readers like simpletons without the skills or confidence to make any decisions for themselves, but then goes into some reasonable detail on pensions, will and later life care. With product reviews increasingly for expensive products, I conclude that Which has degenerated to a general interest magazine for wealthy pensioners

6
0
Silver badge
Facepalm

I seem to recall posting about this before, after looking at Which? reviews of handheld vacs

Two products had similar performance and ratings.

The Dyson was "good value" at £100, a "lightweight" 2.1 kg and ran for an "amazing" 18 minutes

The Vax was "pricey" at £60, a "hefty" 2.0 kg and "barely" lasted 20 minutes

But at least they usually try to compare like-for-like, unlike most El Reg reviews ;-)

4
0

You're going to end up with a judgement that trades security against lens quality. And so forth.

So, we're going to end up with a judgement of a security system being superior because it has an on/off switch accessible from the street.

Got ya!

I'll stick with my original assessment the first time I read their drivel, buy anything not listed by them. They're as bad as Consumer Reports, who reported that RCA VCR's were superior to Hitachi VCR's, despite the fact that Hitachi made them for RCA and component for component, were identical.

Which should give an indication on my views and experience with bullshitting rating disservices and sites.

3
0
DJV
Silver badge

Funnily enough...

...I've just had an email from Which asking me to do a survey. One question was: "If you could pick one consumer issue you would like to see Which? campaign on, what would that be?"

I replied with: "Improve the accuracy of articles on your own website. See: https://www.theregister.co.uk/2018/10/08/smart_camera_which_wtf/"

9
0
Coat

Which want to see

Because Which? really wants to see who buys it's recommended hardware.

And what better way to see, than to, really, literally, *see* them.

...mine's got the Tails/ToR installer in the hidden pocket...

1
0
Facepalm

Good only for White Goods

I find the Which? reviews useful for seeing what's on the market and what all the bells and whistles do. They seem OK on relatively straightforward things (e.g. the toaster will burn the toast if you use it again immediately) but they are often well out of their depth even on slightly technical thingies.

Not so long ago I was amazed at their review of DAB radios which completely failed to mention the need to check for the Digital Tick. Many well known retailers such as Tesco and John Lewis are still ripping off their customers by selling digital radios that can't receive the ever-increasing number of DAB+ transmissions in the UK, but Which? readers would be none the wiser.

4
0

That was a real lol moment

The Consumers' Association magazine has worked hard to build trust in its consumer-focused product reviews.

The Consumers' Association magazine has worked hard to market itself in the same way as Readers' Digest, Automobile Association (in their heyday) and all the other outfits whose main route-to-market is direct mail. The quality of their product is concomitant with that approach.

FTFY.

A so-called consumer champion selling its product via a "free trial" and reliance on inertia not to cancel is seriously unethical.

7
0

Yahoo?

One extra? question mark makes a sentence more difficult to read than an exclamation point following every word.

You! learn! something! new! every! day!

1
1
Silver badge
Joke

Which? may still be right

The product may still be the best in category, and the huge security hole(s) may still be "minor" compared to the competition, for all I know.

0
1
Anonymous Coward

I find a PoE switch taking in all the streams from PoE cameras, and dumping them on a nas works just fine. Then its a case of VPN with L2TP using IPsec to get access.

1
0
Boffin

Which? have form!

Which? have pushed Power Line Technology (as has El Reg) and LED lighting despite the weight of evidence to prove many of these products (all PLT) fail EMC standards. Their forums were often full of people pointing out the interference from LED lighting to their VHF radios, yet Which? continued with the power-saving mantra.

4
0

well I own a Lenovo display (Google assistant) and it's connected to my Nest security cam, and things are going great. Pretty cool device, could be controlled using my display and don't have 'safety' issues with it as well haha

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing