Reolink is a Chinese security camera manufacturer whose products are being widely sold in Australia, now questions are being asked about the risks to Australians, after claims that trackers have been found in their security camera software.
Exodus Privacy a non-profit organization claim that they have found “suspicious code and tracking software embedded in Reolink software used to manage a security camera using an Android app.
An investigation by ChannelNews reveals that Reolink cameras are being sold at Costco, The Good Guys, Bunnings, JB Hi Fi and Amazon.
Recently Exodus Privacy claimed that they have found code signatures for multiple Chinese organisations embedded in Reolink software.
This type of code is used to supply information to third parties while also delivering access to hardware devices such as cameras so that a third part can take over functionality of a device or part of a mobile phone operating system.
This is not the first time that Chinese brands have been accused of being a risk to consumers.
Currently the US government is considering a ban on Chinese TP-Link routers, modems, and security cameras due to national security concerns.
TP-Link claims to be the world’s largest provider of consumer wi-fi networking devices, which are widely used in Australia.
Exodus Privacy claim that the Reolink software, allows third parties and Reolink to access a multitude of applications and capabilities on a smartphone including Bluetooth settings, Wi Fi settings, audio settings and a multitude of other settings found on a mobile phone.
A visit to the Reolink Community page claims “Major security flaw in ALL new model Reolink cameras”. Scrolling down the page is a multitude of complaints relating to problems users have encountered including their cameras being taken over, Reolink systems issuing new IP addresses,
One concerned owner of a Reolink camera wrote ” I recently discovered that my Reolink (and ONLY my Reolink cameras) are getting attached to from all over the world. I had to disable internet to the devices. I have about 15 devices on my network, everything from laptops, mobile devices, audio receiver, synology NAS, and more”.
He said that “Only my Reolink RLC-810A cameras are getting hit. I realize that they have the ability to upload to FTP and send out email notifications so I’m sure that’s part of the issue. All of those features are disabled. The IPs attacking is from Cambodia, Russia, and China”.
“I recommend not using the cameras for any type of notifications or broadcasting”.
He moved to block access to his cameras from outside.
According to Exodus Privacy there are several was to avoid ‘Tracker’ software.
What they advise is that when you install an application or when an application asks for personal information, ask yourself the following questions:
how many trackers does it contain and what permissions does it ask for?
do I want or need to install it?
do I want or need to give it what it asks me?
They claim that it is up to you to decide what information or apps are downloaded to your smartphone.
You could also contact the people who offer you the application if you consider it to be too intrusive and ask them some explanations on the presence of trackers and permission requests.
They advise that what is often described as ‘free’ software is actually software whose code (i.e. its recipe, or list of instructions) can be changed, copied, verified… and is thus transparent.
A free software application might exist to replace an app that you already use but that may not respect your privacy.
F-droid logo
If you are an Android user, you can install F-Droid.
It is a free software store that can be used instead or in addition to the Google Play store. Do not hesitate to refer to the F-Droid documentation if needed. Be aware, however, that some F-Droid applications are not available in all languages.
Reolink has not commented for this story, we have asked them for a comment and we will publish it when and if we get a reply.
