Email notifications should require login to view the linked video
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all
I have a serious security concern regarding video links attached to email notification require no login to view them. Video's access can be gained by a hacker if email is intercepted or there is an attempt to use brute force to scan through available videos. There must be a setting to control this or make login a default setting.
thanks
- Related Labels:
-
Online and Mobile Apps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Explain how an attack would have access to your cameras/videos even if they have access to your emails.
explain in detail the attack you believe makes this a security risk.
have a look at this to understand the connection for shared videos
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
video link attached to the email sent by Arlo alert goes directly to the video recorded as the result of that alert without asking for the login details.
my concerns are that email can be managed in a shared manner. can be stolen (with the phone device for ex), can be hacked using email host vulnerabilities. I'd like my Arlo to be secure on it's own.
hope it makes sense. thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not really, it’s secure only the shared video is shown, you can’t access the account this way.
its up to you to insure your email or device connection is secure but no one can get any more info about your account from a shared video and as it’s an option to share it’s down to you who or what you share.
the connection using HTTPS is nice and safe and not a concern if that’s worrying you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for your reply
I don;t think you read the scenario clearly. Let me explain this again. I set the alert to receive an email notification when the alert is triggered. When triggered, Arlo sends an email notification to myself with the link attached to the video it's just captured. That link goes to the video directly without Arlo prompting for login. I think it's not secure.
It has nothing to do with what protocol it's using to access it. I also didn't set any sharing on this video.
hope it's clearer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If someone else picked up your email they would see the video, they can’t log in to your account. There is not security risk. What you are asking for is a shared video should be protected and a login required to view. So say you send it to someone they need permission to view as well.
Why do you require a log in to view, it’s safe. What your saying is someone has breached your emails they can see the video. That’s fine they still can’t access anything but the shared video.
I think you may be worrying too much, it’s fine as it is but of course you could always ask Arlo to implement a pin protection system so it can be viewed but I don’t see that happening.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i don't think it's fine and I think it's substandard. I understand that link is only available for 24 hours, but nevertheless, I think it's shouldn't be created in the first place unless asked (email can just say there was an alert) or ask to login to view it.
It also opens potential risks of capturing those videos via brute force type attacks. I don't think it's over top requirement at all.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There’s a link to support if you wish to raise your concerns on the header of the forum.
If at any point you feel your email has been breached or have concerns regarding that you need to take that up with the service provider.
Just insure you have a good security ie passwords for your email and that your network has the security in place you deem is sufficient for your needs. Make sure any devices that receive emails are protected from unauthorised access.
Never give out your credentials by any means.
ill link this too.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cheers
-
Arlo Mobile App
582 -
Arlo Pro 2
11 -
Arlo Smart
170 -
Before You Buy
983 -
Features
423 -
Firmware Release Notes
57 -
Google Assistant
1 -
IFTTT (If This Then That)
24 -
Installation
1,126 -
Online and Mobile Apps
865 -
Service and Storage
317 -
SmartThings
37 -
Troubleshooting
6,201