The idea behind

Universal Plug and Play (UPnP) first pronounced by Microsoft in 1999 should make device-to-device networking easy for consumer electronics, mobile devices, personal computers and networked home appliances. This text comes from Wikipedia and describes the situation best - HOME APPLIANCES!

I won't start a flamewar but just to be clear don't use it if you don't know what your devices does for its security. It could be handy if your playstation or tv says hello I'm here with open standard talk to me your configuration is done by me you don't need to care. But your surveillance camera must not open ports on your DSL modem by default. There are many research teams in the "wild" world scanning just for these devices on public internet and the result is frightening.

One of my friends told me that he bought new cam on Internet from china. He plugged and played with his new cam and installed the software to see his garden. What he have seen is a Chinese family sitting in the dining room having lunch. Fun fact their cam had a loud speaker - this was not fun for them. The issue was activated UPnP on their router and admin/12345 unchanged.

I do not blame the enduser but i see the failure in the standard modem configuration of the provider. An internet service provider has a bunch of intelligent workers which do know best security standards but the focus is not on customer - shame on them!

The check

Get your public IP

Just open a web browser and go to http://checkip.dyndns.org . This is your public IP of your home router!

Connect to an outer host

Not everybody has a vps so you could route your device through tor but "tor-browser" is not enough all traffic needs to go through the tunnel

Do a PortScan

Start the nmap scan and watch the result

nmap -T4 -A -v <public_ip_address>

All to complicated

Just take your public IP and try an online port scanner like http://www.dnstools.ch/port-scanner.html

The result

Why the hack is web server behind my IP?
Ah my camera wants to go public!

Starting Nmap 7.80 ( nmap.org ) at 2019-11-06 22:53 CET
Nmap scan report for <public_hostname>  (<public_ip_address>)
Host is up (0.034s latency).
Not shown: 97 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
554/tcp  open  rtsp
8000/tcp open  http-alt

Nmap done: 1 IP address (1 host up) scanned in 1.80 seconds

By the way my brother was so happy that this cam ran out of the box and the password was so easy to remember.

The conclusion

There is a situation you want your camera online and your password is safe and 16 char long. Anyway it is still not a good Idea to have UPnP on and the camera available on public. Most black-hat groups do have a huge amount of bots scanning the web for surveillance cameras - because they are often a big security risk. So even if your CAM is safe you will see a huge traffic on your modem - these guys are brute forcing your password and you are angry because your Internet is so slow.

SAFE WAY?

Just configure a openvpn tunnel with dyndns name behind your firewall - every good cellphone which can run your camera software can definitely tunnel your traffic through a tunnel!