topic Re: Security concerns with cloud service in Arlo

Security concerns with cloud service

FuzzyBear — Mon, 23 Feb 2015 08:28:25 GMT

Hi,

I couldn't find any netgear documentation on it's secuirty policies...I was wondering, what security measures are in place to prevent unauthorized access to live streams and videos stored on the cloud service?

Unless the files are stored encrypted at rest, is it fair to say that Netgear employees or netgear arlo cloud employees can view customer videos? Which then means if the cloud service was ever compromised, customer videos would be compromised?

Re: Security concerns with cloud service

ant — Sat, 28 Feb 2015 19:46:47 GMT

FuzzyBear wrote:
Hi,

I couldn't find any netgear documentation on it's secuirty policies...I was wondering, what security measures are in place to prevent unauthorized access to live streams and videos stored on the cloud service?

Unless the files are stored encrypted at rest, is it fair to say that Netgear employees or netgear arlo cloud employees can view customer videos? Which then means if the cloud service was ever compromised, customer videos would be compromised?

What about law enforcements with warrants? 😕

Re: Security concerns with cloud service

TomMac — Sun, 01 Mar 2015 02:33:09 GMT

Re: Security concerns with cloud service

ant — Sun, 01 Mar 2015 02:41:10 GMT

TomMac: What?

Re: Security concerns with cloud service

FuzzyBear — Sun, 01 Mar 2015 05:46:20 GMT

Given that I haven't been able to find any information from Netgear, it's probably safe to assume that video files are accessible by netgear employees, or whomever happens to find their way to the file storage medium.

Anyways, I guess with this type of cloud service users just have to accept the fact that the files could be viewed by others in the worse case, and take appropriate measures. For example, might not be a good idea to have the camera's in one's bedroom or in any situation where privacy is a concern.

Re: Security concerns with cloud service

ant — Sun, 01 Mar 2015 05:57:39 GMT

FuzzyBear wrote:
Given that I haven't been able to find any information from Netgear, it's probably safe to assume that video files are accessible by netgear employees, or whomever happens to find their way to the file storage medium.

Anyways, I guess with this type of cloud service users just have to accept the fact that the files could be viewed by others in the worse case, and take appropriate measures. For example, might not be a good idea to have the camera's in one's bedroom or in any situation where privacy is a concern.

Yep, always assume that our government (e.g., NSA), companies (e.g., Amazon since those MP4 video recordings are on amazonaws.com servers), etc. have access to them these days. 😞

Re: Security concerns with cloud service

TomMac — Sun, 01 Mar 2015 15:11:37 GMT

The data is encrypted and uses a verisign(?) key to access with what looks like a 256 bit key... on to the amazon cloud.

I wouldn't worry about people seeing/intercepting the stream.

If they watch mine, mostly they'll see an old/sick cat eating.

As to the employees of netgear or govt looking at your vids , would they be able to?, maybe, anything is possible if you have the right keys and equipment.

Some encryption methods are very hard to break, some not so much. I have knowledge of this being done (legally) all the time.

Remember tho, these cams aren't streaming all the time but only when turned on or motion record set ( which you'd prob know about). If you have them in what should be a private place, you can easily move them as needed. If your thinking about the Nanny or caretaker that may be recorded, most local laws allow for same on private property if in your employ ( and no audio so no problem with eavesdropping laws ).

Re: Security concerns with cloud service

FuzzyBear — Sun, 01 Mar 2015 21:23:44 GMT

The encryption you talk of is probably in flight, which is the most basic form. It's unknown if they do any server side encryption so that the data is actually stored in encrpyted format. But then again, given that netgear would have to manage the keys its pretty safe to say that employees and/or hackers could get access to the data... hackers probably will require effort, but I'm sure it's not a big deal for employees.

Anyways, too bad netgear does not reveal their storage policies as I think most users don't understand the implications. Dropcam at least lists a detail page describing their limitations:

https://www.dropcam.com/security

It's probably similiar, but you'll notice that they depend on amazon employees to ensure data is protected -- which means data is readable.

For the privacy conscious, too bad netgear does not allow streams to be uploaded to the users own private server.. never going out and being stored in some internet cloud.