Arlo Cameras 'Hacked'
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A few years ago I reported some problems with my camera system to Arlo. The first was one I spotted on day 2 of owning the system. There is an issue with how the specific Arlo SmartHub model I own (perhaps all of them) which causes sub-optimal Wi-Fi channel selection. In a densely populated area the SmartHub will sometimes seek out the worst possible communication frequency to use (seriously). The workaround to configure the Wi-Fi channel you want it to use is tedious and imperfect. I requested, on this forum, years ago, that it be fixed. Nothing happened.
I had other problems with my cameras, several of them. I discussed these various problems with Arlo support. I was basically told that my Wi-Fi setup was to blame. I suspected that wasn't the case so I did some deeper learning about how Wi-Fi signal interference worked, established that it wasn't a signal problem after many weeks of investigating and experimenting, and decided I would create a YouTube channel and a couple of videos as an educational tool for the support staff I was dealing with. That actually seemed to work. They took my problems seriously and, after a time, provided solutions to some of my problems. I went on to create a video about the Wi-Fi channel problem with the SmartHub in they hopes that Arlo would see the light and correct that problem. They did not, and have not.
I was going to create another educational video of the same kind but in the course of my troubleshooting I came across a particularly annoying bug, one that caused Arlo cameras to fail to record to the cloud in certain circumstances. I reported the bug to Arlo immediately, expecting the quick response and resolution that such a bug merited. Nothing happened.
I decided to create a video to illustrate the problem. I did that and sent it to Arlo Support and to staff operating this forum. I did not make the video public. The problem was quickly resolved, partly. There were still bugs which could be exploited, very many months later. I decided to post the video on YouTube - titled 'Hacking Arlo camera using kids toys'. I left the issue at that and went on with my life, hopeful that Arlo would fix the bugs in time. They have not done so. In fact, it very much looks like they've now been hacked (or that they've chosen to change settings on my cameras for a bit of fun, several times). More information in the full video description. The other videos on the channel illustrate the Wi-Fi problem they still haven't fixed. 'Security Is In Our DNA' apparently.
https://www.youtube.com/watch?v=AJysMlpeabA
- Related Labels:
-
Troubleshooting
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For the fourth time this happened again today. The settings on three of my cameras were 'reset'. That word is in quotes because the settings on the cameras were not reset to factory defaults. The 'zoom function' on the affected cameras were set such that a tiny portion of the field of view that those cameras can 'see' was selected after camera settings were changed. This is not a factory default setting - where only a tiny area of the viewable image is set to record. This change renders the cameras useless for the purpose of security. The factory default is to 'see' the entire viewable area. In effect, three of my cameras were disabled, again, for the fourth time. Just three, of my five cameras. Just the three that were used to create the video - the other two are immune this problem, apparently. Unfortunately Arlo do not provide a facility to view access logs on my account. Why would such a thing be useful on a security system? I mean... who needs actual security, right? A toy is much better than a tool, right? To see who accessed my account and identify anyone who may have changed camera settings? Four times now my cameras have been 'hacked', some time after I posted a video about flaws in the Arlo system. Either some individual in Arlo is doing this or an external hacker is doing this. This is not merely factory reset behaviour (which would be disgustingly incompetent in itself). This is three of my five camera having settings changed in such a way that they become useless, on four occasions, and just the three used to create my video!
Good people of Arlo - I bet you have access logs even if we, the customers, don't. Please investigate. It took me almost an hour today to reset the settings on the affected cameras (the activity zones are particularly painful). Working again? Yes. I shouldn't have to watch them like a hawk though. They should just work - I paid a lot for these cameras, and continue to pay a subscription. Check please, to see if this is some rogue member of staff or an external hacker. Fix it! Please! (Also - The Wi-Fi channel thing is annoying, please fix that too, that would be nice. Let me choose the channel, like I can on every Wi-Fi device I've ever purchased. How hard can that be? Seriously? 'Expert Mode' settings. Cool! Right? Way cool).
TL;DR - my cameras were hacked again and either Arlo staff did it or they are unable to identify who did.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have reached out to the development team to look into this further as well as sent you a private message.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Mick_Phelan I have reached out to you via DM on August 29th. Are you still seeing this same behavior?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Apologies @BrookeN for my late reply. I do not often check the email address associated with this account. I have responded to both of your private messages and sent the appropriate log files, from the app, which just tracks activity on the app, not the system, which is less than ideal.
This happened again tonight for the fifth time. This time the settings on only one camera were changed in such a way as to make the camera useless for security purposes. I haven't gone through all the settings yet to see what's been changed because it's late and it's a hassle. This is a screenshot from the Arlo web portal showing the effect of the change:
Looking forward to seeing some kind of serious investigation on what's happening. It's almost as if someone's sending a message. To me, presumably, from someone Arlo, annoyed about my video or something petty like that. If that's true, that's the kind of thing that happens at Arlo with zero consequences for whoever is doing it. What else could possibly be the cause of this, right? Fix it please, fix it all, make it into a real security system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For the record, this is what that camera should look like, just like the video.
Very few settings were changed this time (Thanks for that!)
Settings changed this time, all on 'Front Door' camera:
Zoom setting - changed such that only a tiny corner of the image is recorded
Power management setting - Changed from 'Best Video' to 'Optimized'
Local 2K live streaming setting - Disabled
Camera LED setting - Set to 'On'
Brightness settings possibly changed
Activity zones remained intact, camera remained connected to the SmartHub (as on all previous occasions), no other cameras affected this time. As usual, each time this happens it's slightly different, because it's being done manually, not a reset, these are inconsistent manual changes, done by someone with access. 'Security is in our DNA'.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I provided this information to our development team to investigate. I will update you as soon as possible.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you provide what settings are changing? What were the settings previously and what did they change to?
-
Arlo Mobile App
397 -
Arlo Pro 3
7 -
Arlo Secure
2 -
Arlo Smart
308 -
Before You Buy
290 -
Features
388 -
Firmware Release Notes
4 -
Installation
344 -
Online and Mobile Apps
15 -
Service and Storage
17 -
Troubleshooting
1,785