Most helpful critical review
7 of 7 people found the following review helpful
Great Features, Completely Insecure
on September 3, 2013
Most of the other reviews do a great job of describing the features and functionality. You can pan, tilt, listen to audio, setup motion alerts, view at night, etc.. I think for the price, the feature set is top notch.
However, there are glaring security vulnerabilities that Loftek is not addressing. This issue first came to the public spotlight a week or so back when a Texas couple had their baby monitor hijacked by a hacker who was controlling the camera. The exploits are out in the open, and are very easy to execute. Foscam, Loftek, and other camera manufactures are all vulnerable, but Foscam drew the most criticism and has consequently put out firmware updates that are supposed to resolve the issue. Feel free to read all about the security issue here:
It's very easy to test on your own camera. Without logging into your camera, just go to your [...] This is a dump of the memory, and with a little searching, can see your username/password in plain text!
This link would show the hacker your wifi password. [...]
This link would let the hacker actually reset YOUR password, so they can access the camera and you cant. [...]
I've contacted support several times (as has the author of the article I just mentioned) but they have yet to commit to resolving the issue. The support from Loftek is questionable - while generally speedy, the responses are in broken English at best.
If you already own this monitor and just bought it, send it back for a refund! Let's get Loftek's attention and have these issues fixed. If it's too late for a return, then close up any firewall ports, because anyone with a little effort can take control of your camera. If you are a little more tech savvy, you can setup a VPN, reverse SSL proxy, or IP filter tables to block access - but you are not 100% safe.
Loftek, please read this review and address a major security vulnerability in your entire line of cameras. You should feel a sense of responsibility to your loyal customers to secure your cameras.
After posting this review, Loftek did release a new firmware that fixing the most critical of these known issues, for the CXS2200 Camera. I'm not sure if this new firmware fix was rolled into other vulnerable Loftek cameras, but I'm guessing it has not. I do thank Loftek for finally committing some resources to fixing this issue. I'm raising my review to 3 starts. I still feel a full security audit is in order, fixing all known issues should be done, and releasing new firmware for their entire line of cameras needs completed. However, they did respond to my request, and fixed the most gaping of issues.