topic Re: Encryption in Arlo

Encryption

platron — Wed, 28 Sep 2016 20:53:04 GMT

I've noticed that, while traffic from the netgear base station to the cloud seem to be encrypted, there's quite of a bit of plaintext being sent back.

For example, I see stuff like this:

[{"from":"123-1234567_web","to":"MYBASE","transId":"web!b0b0b0!12345678910","action":"set","resource":"subscriptions/123-1234567_web","responseUrl":"","publishResponse":false,"properties":{"devices":["MYBASE"],"url":"https://vzweb05-prod.vz.netgear.com/hmsweb/publish/123-1234567"}}]

where I've changed possibly identifying text to something like 123..., but MYBASE in the original transmission is the actual S/N of my base station. What is this information used for and why isn't it encrypted?

Re: Encryption

TomMac — Wed, 20 Jan 2016 15:29:32 GMT

Your right in that the video info needs a 'key' as for the some of the data, it is in plain text ...Ive noticed the same thing... on it's way to / from Amazon servers.

But I really don't worry about that, but more that someone can't tap into the vids to get an inside view of the home/layout ( which is keyed )

Re: Encryption

platron — Wed, 20 Jan 2016 23:35:22 GMT

At the very least it's bizarre that information uniquely identifying your hardware is available in plaintext, but what concerns me most is the rtsp link that shows up when you begin live streaming. The link is of the form

rtsp://vzwow....netgear.com:443/vzmodule/CAMERAID_123456?ingressToken=HEXSTUFF?cameraId=CAMERAIDso fa

So far, I've been unable to play this link from VLC, which is promising, but I haven't tried very hard. Even if the link is unusable (e.g. the token is single-use and is showing up in the TCP stream only after it was used), I'd still like to know why it was sent at all.

Re: Encryption - somebody listened

platron — Sat, 23 Jan 2016 16:19:51 GMT

So this is interesting... I ran a few captures today, and it appears that the entire dialog betwen base and netgear/aws is now encrypted The strange "ingress tokens" and rtsp links are gone, or at least no longer in plaintext. This is a tremendous improvement.

Re: Encryption

platron — Wed, 27 Jan 2016 14:45:02 GMT

For the record, no. It would have been nice to get some official resoponse from Netgear on a topic this serious.

_____________

Hello platron,

Your topic recently received a reply.

Topic: Encryption

Date: 2016-01-19 02:15 PM

Did it solve your problem?

Click here to view the reply and mark one as an Accepted Solution.

This helps others find helpful answers in the community too!

Re: Encryption

Timmy256 — Sun, 21 May 2017 19:07:34 GMT

Hi @platron, could you share with me how you are doing the sniffing?

I'd like to do the same on my own setup too. As I've posted before here (Arlo is being Blocked by Privoxy. What server address should I whitelist?), I can't use livestream because Privoxy in my DD-WRT modem is blocking it. I've tried whitelisting .amazonaws.com and .netgear.com without any luck, so I'd really love to know what other address it's trying to access when clicking the livestream in order to try to whitelist it too.

Thanks and please let me know also if you already know what other address I should whitelist!

Best

Re: Encryption

jguerdat — Sun, 21 May 2017 20:11:39 GMT

Did you ever open a case with support to see what they might be able to suggest?

Re: Encryption

platron — Sun, 21 May 2017 21:42:18 GMT

Wireshark, principally. If your devices are connected over a modern ethernet switch (as opposed to a hub) or via WPA2 with session-level encryption, then you may also need to use iptables on your router to redirect traffic to wherever you're running wireshark.

Re: Encryption

Timmy256 — Sun, 21 May 2017 22:02:04 GMT

No @jguerdat, I didn't actually got to it. I'm pretty sure that they'll tell me (if they reply at all) that I have to troubleshoot which address I'm trying to access first and then allow that to be bypassed. But since it's installed in DD-WRT (an embedded system), I have no easy way to generate logs in my case (I'd have to add JFFS2 storage to a physical unaccesible modem), that's why I'm still trying to figure it out myself.

Thanks for the suggestion, though. I'll certainly submit it after a couple of months, when I get more time, and if I haven't fixed it myself already.

Regards.

Re: Encryption

Timmy256 — Sun, 21 May 2017 22:05:44 GMT

Thanks for the reply @platron! You were just typing as I was posting my previous message!

Yeah, I've tried with Wireshark and had to install the special drivers, but I didn't have the time to mess with it and the DD-WRT configuration, so I left it there.

Would you happen to have it installed or some logs from your previous tests? Could you confirm me if there are other address besides these two that are tryed to be reached when you click on of the "Live" icons on the desktop web UI (not the app):

.amazonaws.com
.netgear.com

Thanks!