2

I'm a bit new to the raspberry pi. Currently, I have a raspberry pi cam using motion to stream live video to a local HTTP address. It can only be accessed locally in my home network. I read some articles which said I need to enable port forwarding if I want to enable global access to my raspberry pi cam over the internet. However, I realize there are a lot of security risks. I was wondering if someone could explain what these security risks are and how I could fix them.

Ajay
  • 61
  • 1
  • 3

1 Answers1

2

The motion package needs a couple of ports open, a web-control port and one or more streaming ports. It looks like the defaults are 8080 for web control and 8081, 8082, etc. for streaming. Port forwarding will forward a port on your edge router to the corresponding port on the Pi running motion.

Do not believe that 'they' will not find your open ports, even if you use ports other than the defaults; there are many port scanning tools available, and the people you should worry about know about and use those tools. Security by obscurity does not work.

The most obvious risk is that your camera stream will be visible to people you don't know. The motion package uses HTTP by default, but can be configured to use HTTPS (see this answer), and HTTP basic authentication by default. That means the password is sent as plain text with every authenticated HTTP transaction. If the Pi running motion is connected to your router using WiFi, then anyone close enough to receive your WiFi signal can potentially sniff the password, depending on how and whether the WiFi signal is encrypted.

A probably greater threat is password-guessing. An adversary who can either sniff or guess your password can control your motion installation. The documentation for motion says:

Anyone with access to the remote control port (http) can alter the values of options and save files anywhere on your server with the same privileges as the user running Motion. They can execute any command on your computer with the same privileges as the user running Motion. Anyone can access your control port if you have not either limited access to localhost or limited access using firewalls in the server.

Note that WPA encryption on your WiFi and configuring TLS (HTTPS) will mitigate password sniffing, but not password guessing.

Another potential threat is that may be are errors in the motion software that allow access to the file system or elevation of privileges. Once an adversary is 'in' your system, they can use it as a base to attack anything else on your local network, even devices to which you have not opened ports. They can also attack other systems outside your network, and those attacks will come from your router's pubic IP address. An 'attack' could be as simple as downloading copyrighted matter, which your ISP might detect and penalize. It could be as severe as attacking a military facility; even if such an attack is unsuccessful, the evidence will point at you.

Those are at least some of the risks. You can't 'fix' them, but you may be able to mitigate at least some of them. My own advice would be not to do this unless you have a compelling reason.

  • Do not run motion as user pi, which can run sudo without a
    password, and never as user root.
  • Use a random password generated by software you trust, such as a password manager program, and make it a long one.
  • Turn off port forwarding when you don't need it.
  • If your router has a 'guest network' provision, put the Pi running motion there, rather than on the same network with the rest of your stuff.
  • "Harden" the Pi by removing any software not needed by motion.

I'm sure there are things you can do that I haven't mentioned. Doing the things I have mentioned will reduce, but not eliminate, the risk.

Edit: Also see this answer

Bob Brown
  • 1,091
  • 8
  • 14