Wladimir PalantSep 8, 2025

My new article is out, this time it’s about internet-connected cameras, mostly being marketed as spy cameras. While the cameras themselves are very different, the common factor is the LookCam app used to manage them.

There is already a considerable body of research on these and similar P2P cameras, so it shouldn’t be a surprise that their security is nothing short of horrible. Still, how the developers managed to make all the wrong choices here on every level (firmware, communication protocol, cloud functionality) is quite something.

https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/

#infosec #iot #lookcam #security #vulnerability

A look at a P2P camera (LookCam app)

I’ve got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy’s Law turned solid: everything that could be done wrong has been done wrong here.

Almost Secure
Show threadWladimir PalantSep 8, 2025

By the way, you are welcome to post your suggestions here about what “financial-grade encryption scheme” means in the context of their cloud service or where it stands in comparison to “military-grade encryption.”

Edit: I checked and the text hasn’t been mistranslated. It is just as repetitive and incomplete in Chinese as it is in English.

Show threadTimo TijhofSep 10, 2025

@WPalant

I hear double encryption is twice as secure as single encryption!

Show threadLucas Werkmeister
@krinkle @WPalant the humble 3DES:
Sep 11, 2025 at 12:19amWeb