Malicious Activity from Somfy Security Camera

Comments

3 comments

  • Avatar
    Firewalla

    The first two screenshots are likely people trying to access your camera from outside ...  

    The third one is fairly interesting, it says your camera been streaming out (upload) to the internet.  You need to verify if the streams are valid or not.  to do that, you will need to look netflows like your fourth screenshot and look at the upload section and see what IP is the camera sending stuff to. 

    Also, if the camera is to be used for remote access, you may want to think about using firewalla VPN to access it, it adds another layer of protection

    0
    Comment actions Permalink
  • Avatar
    Benjamin Bellamy

    Thank you for your answer.

    This camera is supposed to be available with the Somfy app from outside without UPnP nor port forwarding so a VPN will not help.

    All ports are closed from the outside so it looks like the camera was infected and is connecting to malicious site on its own…

    Is there a way to "record" all supicious traffic the same way Wireshark would do with Firewalla blue?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    You can see the traffic of any device for 24 hours, tap on devices->find your camera->tap on network flows-> you can tap on the graph on the top to move around the hours.

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk