Following on from my quick review of this camera, I’ve decided to have a deeper look at the camera workings.
I generally look at the following aspects of the device –
- Network Activity – Does the camera call home?
- Open Network Ports – Does the camera run any unwanted servers?
- Interoperability – Does the camera work well with other applications?
These cameras seem to have lots of activity even when there’s nothing going on.
They seem to call home quite often, both over UDP and over TCP.
Quite a few of the calls try to access a webserver somewhere, however most of the requests do not get passed through my squid proxy as they are classified as an ‘invalid request’. The few that get through hit the url
http://log.xiaoyi.com/info.gif?, which is an empty file, so I assume that it just logs the originating IP address.
The camera generally calls home to the following addresses/ports
- UDP: 188.8.131.52:8053
- UDP: 184.108.40.206:8053
- UDP: 220.127.116.11:28678
- TCP: 18.104.22.168:28622
- TCP: 22.214.171.124:HTTP
The camera also syncs time (I’m assuming) with XiaoYi servers via the url
When I access the camera from outside my home network, the communication is direct from the camera to my mobile phone, which at least means that the stream does not go via a third party server before it reaches my phone.
Open Network Ports
After setting the camera up, the camera only has TCP port 38888 open. I’m unsure as to what this port does as of yet, but the camera should be behind your firewall anyway so these ports should not cause any security issues.
Telnetting to the port gives me a string of random hex, which also seems to be contained in the calls home mentioned in the section above.
This camera seems to only want to work with the App provided by the vendor. I was unable to coax TinyCam to talk to the camera so I could view the camera without using the default application.
Since there is no built in HTTP server, I’m also unable to use motion to use the IP camera to do motion detection.
Overall, this camera does not seem to be interoperable with any other software or applications besides the vendor supported ones.