Arlo|Smart Home Security|Wireless HD Security Cameras

Access Log/History

It would be great to have a basic or advanced log/history feature, first of all to see who of my friends logged to the system and at what time, also to ensure that nobody is using my account (in case hacked or someone stole my credentials). Also it would be better to send any of the above activities by email or SMS notifications so that in case someone hacked my account and accessed the cameras I will have the chance to immediately take action. A dual authentication might be useful as well where whenever there is a login attempt, I will receive a pin on my mobile which I need to input on the login screen... As nowadays security is a must, in my opinion the above would give a higher ranking for your product and a better customer satisfaction.

Comments
Retired_Member
Not applicable

This should be one of the most common implemented features but it seems like Arlo is selling security and not doing security.

Retired_Member
Not applicable

A history log and the ability for the consumer admin to view it should have been something implemented from the very beginning. It seems Arlo only cares about selling security and not actually doing security.

silanah
Apprentice

SUGGESTION:

  • A customer accessible log of all account accesses showing device identifier and IP address or geolocation information - perhaps on a rolling 7-day basis to match the cloud storage regime.

 

This is important. Anyone like myself who has been logged into their Arlo account only to suddenly be logged out with a message on their screen that says "You have been logged out as you logged into your account on another device." knows that this user accessible log needs to be provided as soon as possible.

 

I had absolute control of all of my devices and my unique password. I don't use auto log in, ever. I don't record the password, ever. When I logged back in to the account thinking it must be a Netgear servier issue, in just a few minutes I was again logged out with the message that I had logged in using another device.  This wan't possible so I changed the password immediatley and shut sll cameras off.

 

If I hadn't happened to be logged in at the moment this issue (hackers? bored support staff? whatever...) had happened I would never know that my account unformation may have been stolen or somehow obtained from Netgear. I may be a 'normal ordinary person' but I still don't like the idea someone weird could be using my cameras without my permission or knowledge!

 

Being able to check an access log would give people the instant ability to decipher if it was a real account intrusion or some network/server glitch.  This would be faster than asking Netgear for the information as I emailed their security tech support email address (goven in their Security advisories such as the one at http://kb.netgear.com/30731/Arlo-WiFi-Default-Password-Security-Vulnerability ) with the details of the apparent account intrusion more than a week ago and have received NO response to my Urgent request for details.  Not even a "nothing to be concerned about, server side connection issues can casue that default notification to be sent" - and I'm only guessing on that one.  Hearing nothing back makes me believe it is a more sinister and widespread issue.

 

This Account Access Log would also be useful for people who allow multiple users to access their account but want to see who is accessing on which occasions.  Netgear is already tracking this data, so let users see it for their own account please.. 

JamesC
Community Manager

silanah,

 

We take security concerns very seriously, if you have any reason to believe someone may be accessing your account without your permission, we advise you change your password.

 

Often times, this error message is the result of the same user attempting to log in on more than one device (mobile phone, another PC, same PC in a different browser window, etc.). Always be sure you log out of your current device before attempting to log in from any other devices.

 

In regard to the access log, this is currently not a feature for the Arlo system. Thank you for posting your idea and we will keep the status of this idea updated if it is considered for future implementation.

 

JamesC

 

D77king
Initiate

Being able to check an access log would give people the ability to decipher if thre was a real account intrusion or if there was some other issue with another user device still logged on to Arlo.

User_3654
Guide

Silanah,

 

I got those logged out messages too. Even had that message in French. I'm working with tech support on the issue and currently waiting for feedback. I've gotten responses from tech support and some questions so I'm hoping for some feedback soon.

 

I've tried the usual recommendations like, clearing cache from all devices (I use the phone mostly and rarely the PC browser), re-installing the app, change passwords, etc. But the problem keeps coming back. Also, I've granted access/passwords to no one but myself. 

 

I'm hoping it's a SW or network issue than hacking. I like the idea to have access to a log that checks our account activity. It would give us a peace of mind if we see our own IP numbers. 

 

I've also even changed emails to log in, but still have these events happen. At times, I don't get a logged out message, just a prompt to sign in.

 

User_3654 

silanah
Apprentice

Hi User_3654,

 

I would be less concerned about the requests to log in as that can be a time out or your internet connection drops.

 

What I found alarming was that I was using the app and all of a sudden got the "You have been logged out as you logged in on anther device" when all possible devices were within 20 feet of me and no one else had access to those devices.  I thought it was a server blip of some sort and immediately logged back in.  None of my other devices were logged in and none of them got a message of their own saying they were logged out becasue I logged in again - so it clearly was NOT my device or a forgotten connection on my part. 

 

After a few minutes I was AGAIN logged out and given the message that I had logged in on another device. Simply impossible so it meant someone, somewhere else, had logged in to my Arlo account.  Not possible for it to be someone I know, so that left undesirable options.  At that point I literally pulled the plug on all the Q cameras and the base/wireless cameras.

 

I changed logins/passwords not only for Netgear but also for a lot of other types of accounts.

 

To my knowledge it hasn't reoccured, HOWEVER, how could you know?  It was perhaps only by chance that someone hacked in (or bored overseas support staff decided to cruise some cameras...) during the few moments I was using the app. Considering the vast amounts of time when people aren't logged in, who knows?

 

I still unplug the in-house cameras sometimes if I get the heebie-jeebies that someone is watching.  Not a nice feeling.  

 

I will be interested to see if Netgear identifies a probable cause for you.

User_3654
Guide

Hi silanah,

 

I had a chat with tech support today and one thing that was recommeded was to uninstall the Arlo app and re-install it. Then log in, and manually log out from the app. I usually stay logged in on my mobile phone. Its not clear how this action will help my situation, but I'm giving it a try to see if this issue goes away.

 

I sure hope the developers will really consider adding an account access activity log something like what Gmail has. I like the idea of having that level of security for emails...even more so for security cameras!

 

When I get those heebie-jeebies sort of feelings myself, I stick Post-It paper strips over the camera lens 🙂

 

For Arlo developers,

Any updates on this idea?

 

Cheers

 

 

silanah
Apprentice

Hi User_3654

 

In my scenario that suggestion by Support is rubbish. I do not have the app installed on anything but my old ipad2. On all other devices (including mobile phone) I am a Windows 10 user so I access via the web interface.

 

So none of my Windows 10 devices were accidentally left logged in, in fact they were shut off at the time. I was playing with modes and learning abit after installing a Q and I was using the app on the ipad2.  And then I was logged off with the notice of someone logging in on another device. Just couldn't have been any of MY devices, it wasn't possible.

 

So I logged back in through the iOS app immediately.  All good for about three minutes when I was again logged out because there had been another login on another device.

 

So... NOT my device and NOT me. Someone else *was* logging in to my Arlo account. And I'm literally the only one that has access - EVER. And I don't leave passwords on post-it notes.

 

I never would have known it could happen if I had not been logged in at the time. That is the worrying aspect of Netgear not offering a log of all account accesses that each customer can monitor via the web interface.

 

Anyone that has not had the problem may simply not have been logged in at the time someone else was looking through their camera or sorting their saved videos. They would never know.

D77king
Initiate

What is Arlo trying to hide?

Are they aware that there are isuues of customer accounts being hacked?

Do they allow employees to access customer cameras? 

This should not be a problem to notify customers whenever there is an logon from a new device.

They should be trying to protect their customers.

Any thoughts from others?