A warning around purchasing an Alkatronic 2nd hand

[JoshH]

I have reached out to the member, that was referenced, who sold this unit via email and have asked him to help out here.

PS. Alkatronic is not a sponsor of this community for those of you looking to drag R2R into this. And yes we will edit and remove posts that go against our TOS whether someone is a sponsor or not. So keep your rude comments to yourself. Thanks.

No one was Dragging R2R into this, someone suggested to reach out to the R2R team and it was pointed out that this likely would be a fruitless endeavour. Also FocusTronic may not be a sponsor directly, however Coralvue who is FocusTronics sole North American distributor is. It is a great thing that you also contacted the seller as well to resolve this issue. And it is definately much appreciated by more than just the OP.

 

[DopamineKata]

If you did not manually log into the router to make changes then no additional ports have been open. The device alone is not capable of opening a port.

UPnP allows for just that thing to happen.

 

[Karen00]

Most likely letting your camera know the account info for an outbound connection. No changes would have been made to your router. NOW out side of your control if someone was able to take over the place the outbound connection is going to (nest lets say) they could in theory access your device and then hop off if it now being already inside your network bypassing your router entirely since two way communication would do whats called a holepunch and allow a temp open port (all software does this pretty much)

Yes, this exactly! So how do phones deal with ports and firewalls? I run a pretty low tech setup at my house but I remember with some windows software I would get asked to approve firewall changes for ports. How do phone apps deal with this or are they all using existing open ports?

 

[Karen00]

Most home camera systems use existing open ports on routers, encrypt the data (nut much, but it is encrypted), and then feed that to the cloud. The issue becomes if the cloud gets hacked, they can see your feeds and possibly IP scheme (most omes are 192.168.xxx.xxx anyways, so who cares). The real issue, that I deal with everyday in IT, is when someone is in your home, able to access the wifi from the camera, port inject it (very simple to do with linux and some free programs), fake a secure handshake and then wreak havoc. Most home users will never experience this, as most home users do not process transactions of 1000s of dollars and all kinds of customer info.

Then there is the fact if Wyse or someone gets hacked and they use the exisitng connection between the camera and the cloud as a port to do things. Again, not very common in residential or very common for most respectable camera/cloud companies.

But in any sense, most home routers from LECs suck for security. Most home wifi from those routers is weak to begin with. Do not get me wrong, there are instances where someone drives around a neighborhood and wifi scans to try and steal someones identity, but it is not super common or we would all have crfedit cards opened in our names without our approval.

Yes. These are the things that I was thinking about although as you mentioned probably not too common in the home setting. Up until now my home environment has been pretty low tech. Until this security camera and a smart power bar I didn't have any devices accessible from the internet so I never had need to do a deep dive into the setup process.

 

[Karen00]

UPnP allows for just that thing to happen.

This is the one I was trying to remember. Thanks for posting. I thought there was a vulnerability with routers (at least older ones) and this.

 

[a.t.t.r]

UPnP allows for just that thing to happen.

Those port forwards are temporary and as long as the device installed isn't malicious it is generally just as safe as something using tcp hole punching to a third party service. Most commercial routers have it off by default and most home users really shouldn't worry about it. You are far more likely to be "hacked" by phishing attempts or socially engineered then anything over the network. Now if you run a business that is a whole other story and why it is very important you hire a true IT company to do at least occasional checkup on your systems and never let your nephew who "knows computers" or some low end service like geeksquad into your business.

 

[a.t.t.r]

https://thehackernews.com/2018/04/iot-hacking-thermometer.html for those who forgot about this. We have also gone WAYYY off topic.

 

[i_am_mclovin]

wait. I’m late to this thread - but is this a real reply from you???? Holy cow what a disaster of a professional response. The op was so desperate to get help that he posted on the forum after y’all ghosted him for weeks. Then, because the thread is heating up with backlash, you come out of the shadows and sort it??? As Chris rock would say - you don’t get credit for doing what you should just be doing.

Seems to me you guys could have sent the original owner an email right away instead of pushing the op to the literal edge by stonewalling.

I work in pr - the correct response from you should be “Sorry op, but we have sorted it and you’re good to go.” Instead you went with the keyboard warriors tactic.

eh…to each his own. But blasting users of your very niche product - on the largest forum for the very niche product’s use is a bold strategy.

 

[Eagle_Steve]

https://thehackernews.com/2018/04/iot-hacking-thermometer.html for those who forgot about this. We have also gone WAYYY off topic.

We are nerds, would you expect anything less from us?

 

[JeffB418]

No one was Dragging R2R into this, someone suggested to reach out to the R2R team and it was pointed out that this likely would be a fruitless endeavour. Also FocusTronic may not be a sponsor directly, however Coralvue who is FocusTronics sole North American distributor is. It is a great thing that you also contacted the seller as well to resolve this issue. And it is definately much appreciated by more than just the OP.

Actually, Coralvue is no longer a sponsor and hasn't been for many months.

 

[polyppal]

lets take bets on how many more pages this dead horse is beat for... Ima say 10 total!

9.9 pages, Sooo close #trollprophet

 

[polyppal]

wait. I’m late to this thread - but is this a real reply from you???? Holy cow what a disaster of a professional response. The op was so desperate to get help that he posted on the forum after y’all ghosted him for weeks. Then, because the thread is heating up with backlash, you come out of the shadows and sort it??? As Chris rock would say - you don’t get credit for doing what you should just be doing.

Seems to me you guys could have sent the original owner an email right away instead of pushing the op to the literal edge by stonewalling.

I work in pr - the correct response from you should be “Sorry op, but we have sorted it and you’re good to go.” Instead you went with the keyboard warriors tactic.

eh…to each his own. But blasting users of your very niche product - on the largest forum for the very niche product’s use is a bold strategy.

 

[telegraham]

Right guys … we have now had an eMail from the original owner and this is sorted … for those of you who couldn’t get their head around what was happening .. think about buying an apple phone and the person did not reset it … do you think you can go into an apple shop and ask them to reset it for you ?
Of course not … well the AT works the same way, hence the “unlink” button on the app…
So maybe think before you get on your high horses and become keyboard warriors in the future please !!!

This may be an inaccurate assumption. An appointment at the Apple Store, with receipt in hand, will get you a hardware-locked Apple device unlocked. I've done it. They, however, could not do it over the phone.

 

[fftfk]

So, after all that, are you (@Rewd) happy with the Alkatronic?

 

[Nonya]

Deleted

 

[Rewd]

So, after all that, are you (@Rewd) happy with the Alkatronic?

No, I ended up selling it at a substantial loss since I disclosed that I could not get it working. It never came close to matching my Hanna checker, which is not really a big deal per say. As long as it could be precise in keeping whatever number it found stable, I wasn't necessarily big on that number being accurate. Stability is what I was really after. But one day I ran it and it started showing a result of like 4 dkh. No matter what I tried, I was unable to get it out whatever was causing that. I even made a rather large change to my alk and it still said 4.0. At the end of the day I simply couldn't trust this thing.