Almost Secure Blog: Backdoors in VStarcam cameras

Gandalf_The_Grey

VStarcam is an important brand of cameras based on the PPPP protocol. Unlike the LookCam cameras I looked into earlier, these are often being positioned as security cameras. And they in fact do a few things better like… well, like having a mostly working authentication mechanism. In order to access the camera one has to know its administrator password.

So much for the theory. When I looked into the firmware of the cameras I discovered a surprising development: over the past years this protection has been systematically undermined. Various mechanisms have been added that leak the access password, and in several cases these cannot be explained as accidents. The overall tendency is clear: for some reason VStarcam really wants to have access to their customer’s passwords.

A reminder: “P2P” functionality based on the PPPP protocol means that these cameras will always communicate with and be accessible from the internet, even when located on a home network behind NAT. Short of installing a custom firmware this can only be addressed by configuring the network firewall to deny internet access.
 
Recommendations

These devices cannot be secured via settings or strong passwords, as the firmware itself is compromised.

Immediate Isolation (Kill Switch)

Do not port forward these cameras (RTSP/ONVIF) to the WAN.

Block all Internet access for the camera's MAC address at your router level (Parental Control / Firewall rules).

Note: PPPP cameras are designed to punch through NAT. Simply being behind a router is not enough; explicit outbound blocking is required.

VLAN Segmentation

Move these devices to a strictly isolated IoT VLAN with no access to your main home/business network. This prevents the camera from being used as a pivot point for lateral movement if compromised.

Replacement

Given the presence of intentional backdoors (XOR obfuscation), the vendor cannot be trusted. Plan to replace hardware with devices from vendors that support local-only operation without mandatory cloud P2P tethering.

References

Source

Palant, W. (2026). Backdoors in VStarcam cameras. Almost Secure.
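One way to confirm that the outbound block and the VLAN isolation recommended above actually hold is to audit the firewall's flow log for allowed traffic from the camera. This is an added example, not code from the thread or from the cited blog post; the log format, MAC address, subnets and ports are constructed assumptions to adapt to your own router's export.

```python
import csv
import io
import ipaddress

# Assumptions for this sketch: replace with your own values.
CAMERA_MACS = {"02:00:00:aa:bb:01"}                # constructed camera MAC
MAIN_LAN = ipaddress.ip_network("192.168.1.0/24")  # home/business network

# IPv4 destinations that stay on the local site (private, link-local,
# multicast, broadcast). Anything else counts as Internet egress.
LOCAL_ONLY = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]

# Constructed firewall log export: action,src_mac,src_ip,dst_ip,proto,dport
SAMPLE_LOG = """\
DROP,02:00:00:aa:bb:01,192.168.50.10,203.0.113.7,udp,40000
ACCEPT,02:00:00:aa:bb:01,192.168.50.10,192.168.50.2,tcp,554
ACCEPT,02:00:00:aa:bb:01,192.168.50.10,198.51.100.23,udp,40001
ACCEPT,02:00:00:aa:bb:01,192.168.50.10,192.168.1.20,tcp,8080
ACCEPT,02:00:00:cc:dd:02,192.168.1.20,203.0.113.7,tcp,443
"""

def classify(dst):
    """Return the policy violation an allowed flow to dst represents, or None."""
    if dst in MAIN_LAN:
        return "lateral"          # camera reached the main network
    if not any(dst in net for net in LOCAL_ONLY):
        return "internet-egress"  # camera reached a public address
    return None

def audit(log_text):
    """List (violation, src_ip, dst_ip, proto, dport) for allowed camera flows."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue              # skip blank or malformed lines
        action, mac, src, dst, proto, dport = row
        if action != "ACCEPT" or mac.lower() not in CAMERA_MACS:
            continue              # blocked flows and other devices are fine
        violation = classify(ipaddress.ip_address(dst))
        if violation:
            findings.append((violation, src, dst, proto, int(dport)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

An empty result over a day or more of logs is the goal; any `internet-egress` or `lateral` finding means a rule is missing or ordered after an allow rule.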
 
I do use many Chinese devices, and I have always been suspicious about their security and privacy practices; it’s either incompetence or intentional weakening of security/privacy mechanisms. Pet peeves include:
  1. Email aliases aren't allowed, especially well-established "aliases." They do seem to really want to identify you based on your "actual" email address.
  2. Short passwords for encryption and login (especially in CCTV camera products).
More oops.
 