Arlo|Smart Home Security|Wireless HD Security Cameras

Reply
Discussion stats
  • 5 Replies
  • 2218 Views
  • 3 Likes
  • 4 In Conversation
PatsyAK
Follower
Follower

i love the feature of looking at daily video feeds on my Arlo Pro 2.  i delete them regularly to keep up with it. I believe jammers were used to knock all the cameras “off line” because of the multiple coincidences .One, I left town Friday. Saturday before going to bed, I checked video recordings were fine for Friday & Saturday.  Two, Sunday morning all cameras “offline”, window glass broken, metal bars inside window frame cut through.  Three, Monday morning i noticed they had come back at night because....whilst in front of the camera, cut through security gate knowing someone was in the house. Seems to me they knew how to deauthorize the Arlo cameras and jam the signals long enough to do all that work both days. Four, with devices now “online” status and “motion detect” bars are colored, and Wifi signal strong, I’m suspicious that they are watching on “LIVE MODE” with one camera inside specific area for the rest of the day because after moving about and waving normally RECORDS automatically, these videos were not recorded in that area  when I checked them with full motion sensor “on” whereas the other cameras recorded & were available for the day. Advice appreciated.

5 REPLIES 5
StephenB
Guru Guru
Guru

 

 

 

Of course contact support ( https://www.arlo.com/en-us/support/contact.aspx )

 

I can't rule out your scenario.  People can certainly purchase WiFi jammers, though they are illegal in the US. But another possibility is that the bad guys saw you were protected by arlo, and managed to access your account.  If they did that, your fears about hijacking Live mode could be true.  A jammer wouldn't let them do that.

 

If they were accessing your account, the cleanest way for them would be to use the "grant access" feature - inviting themselves to be your "friend" and granting themselves access to your cameras.  Otherwise you'd see "logged in from another account" notifications in your browser or app from time to time - and they would be logged out whenever you logged in. 

 

So look in grant access, and change your Arlo account password.  While you are at it, change passwords on your other accounts too - financial institutions, email, etc.

 

Are you using the new two-factor authentication feature? 

brh
Master
Master

@PatsyAK,

Agree with what @StephenB said, but I am also curious about a couple of things here. Although not available to the users, I do believe Customer Service should be able to view the logs of your account and thus possibly shed some light on the situation. Secondly, are you using flash drives or hard drives that plug into the rear of the base as local storage? If so, check to see if you see anything on them. I know that I have lost the internet for periods of time, but the cameras continued to record on the local network which are only available for viewing by removing the drive and viewing on a computer. Thirdly, since this is happening to you and they might continue to watch you, I would have multiple systems that do not work off of wifi. For example, a hard-wired camera system such as Lorex, and even a professional security system, such as ADT, Frontpoint, etc. with cellular connections that would phone the police if any activity occurred inside.  My house was also burglarized in the past, and I have multiple systems.

 

Brian

NewfieDrool
Luminary
Luminary

Jamming and using deauth attacks are different. A jammer just attempts to block all signals where a deauth attack can be used with another method to campture information.

thankfully the Wi-Fi from the camera to base is protected from this as I’ve attempted to deauth the camera with a board setup in monitor mode and some scripting. The weak points however is many routers don’t have this protection so you can get up to all sorts including injecting methods to allow email access and websites used to capture passwords but you can spot this type of attack. Normally you get an interruption in service where a password fails as you enter it. 

In my case as I’m not using the router but a WiFi extender to plug the home base in  that’s my weak spot but I’ve taken measures to limit it. 

The only way to get live view was they would have to attack your Wi-Fi and that’s quite a bit of work. You need to ensure your router offers protected frames management and the latest WP3 standard should provide that as this starts to appear with the new Wi-Fi 6 standard routers. Sadly most domestic routers don’t offer this at the moment, my XR500 for example has no protection and misses the attacks under system information.

As Brian stated it’s best to have a profession system as well and mine is ADT so inside the property I’ve a good system and the big old alarm on both front and rear property does deter those who may wish to try it on.

 

StephenB
Guru Guru
Guru

@NewfieDrool wrote:

Jamming and using deauth attacks are different.

 


Yes I know.  Jammers are brute force, and are intended just to disrupt service.  The first symptoms (cameras suddenly going off line) are consistent with use of a jammer.

 

More importantly, as you say below, you've found that the camera->base link isn't susceptible to deauth anyway. The base->cloud link is ethernet (no extender involved in this case) - and deauth is a wifi attack, not ethernet.  Not sure why you keep bringing up deauth in so many of your posts.  It doesn't seem relevant here.

 


@NewfieDrool wrote:

 

The only way to get live view was they would have to attack your Wi-Fi ...


That is certainly not true.  If they have the account credentials, they can access live view from any PC or smart phone.

 

Hacking into the WiFi  network alone wouldn't do it, since the streams are independently encrypted, and don't just rely on the AES encryption in the router's wifi.

 


@NewfieDrool wrote:

...

As Brian stated it’s best to have a profession system as well and mine is ADT so inside the property I’ve a good system and the big old alarm on both front and rear property does deter those who may wish to try it on.

 


We agree here. 

 

So far we've been focused on the tech - but the human element is clearly also part of the puzzle.  Whatever the cause of the service disruption, the cameras did record the intruders before they entered the property.  Presumably notifications were also sent.  @PatsyAK either didn't get them (cell phone off?) or ignored them.  

 

The new app issues might factor in perhaps.  But I put my phone on do-not-disturb in meetings and when I'm sleeping.  Sometimes I don't remember to change it back right away.  I ignore my phone when I'm driving and it's off when I fly. I don't carry it when I'm swimming, and I am sometimes in places with no coverage.  And I don't immediately view the video every time I see a camera notification ...

 

That says to me that if I want to catch intruders in the act, a professional monitoring service is the best approach.   The DIY systems will give me some information on what happened - but I'm just not going to monitor every alert in real-time 24 hours a day.

 

StephenB
Guru Guru
Guru

@NewfieDrool wrote:

Also if they had access to his account they would not bother jamming 

 


I agree there.  It's not clear to me that they did have access to the account.  But I suggested changing the password just in case.

 


@NewfieDrool wrote:

 

Half these issues are because people just don’t know what’s going on. I wish more people took a more active role in understanding how to keep secure online.

 


Unfortunately people do tend to ignore network security.  Router vendors are tending to push updates in response - as Arlo has always done.  Browser suppliers are also always tightening up on security settings - that's one aspect to the flash issues we see here.  

 

But the security attacks are quite sophisticated, and most people simply won't be able to understand how they work (and they don't understand the basics of the security protocols anyway).  I think vendors need to take the lead, and make sure that security is in fact built-in, and that they deploy the needed patches in a timely way.

 

Users do need to understand the human elements of security - phishing attacks in particular.

Discussion stats
  • 5 Replies
  • 2219 Views
  • 3 Likes
  • 4 In Conversation