Arlo|Smart Home Security|Wireless HD Security Cameras

Reply
Discussion stats
  • 13 Replies
  • 2068 Views
  • 0 Likes
  • 4 In Conversation
DF1970
Aspirant
Aspirant

Arlo needs to add the option/capability to be able to retrieve recently deleted videos from the cameras. I'm a bit surprised this option is not available. First of all because sometimes a video recording may be deleted by accident. Second, if someone hacks your account and deletes recordings, there will be an option to go in and see that someone has been deleting your recordings, and the option to recover those recently deleted recordings would be available to recover those recordings. This option is crucial to have in any home security, especially if one is dealing with tech savvy criminals trying to cover there tracks.   

13 REPLIES 13
jguerdat
Guru Guru
Guru

Well, that increases storage costs which would be passed on to the consumer. The current plans offer 30 storage which is better than most older plans. The use of local storage using a hub also allows you to keep all motion-detected recordings forever and only has one up-front cost as opposed to a continuing one.

DF1970
Aspirant
Aspirant

It is a challenge/opportunity regarding storage and potential increased costs. Where there are challenges there are solutions.  However, the option of recording and storing locally does not address the threat adequately.  We're in an environment where AI and tech savvy criminals are becoming more prevalent, and the AI is actually enabling malicious actors.  Recording and storing locally does absolutely nothing to protect against a malicious actor who hacks your cameras. If they can hack the camera and delete recordings from the Arlo device's storage they can also access and delete locally recorded and stored videos as well. It's all done from the same menu options when logged in (or hacked in). This is a gaping hole in security, because a tech savvy criminal can hack in and delete potentially CRUCIAL EVIDENCE.  An end user would never know it happened because there is no option to review recently deleted recordings to determine if someone other than the account owner is deleting recordings.  The only possible telltale sign would be a noticeable gap/anomaly in recording times.  For example if a camera normally has high activity during a certain time frame, yet there is no activity.  This is an indicator, but not proof. The option to view deleted recordings would determine if the anomaly is just that, a lull of activity in normally high traffic time frames or a bad actor attempting to cover their tracks.  After all, the purpose of having the cameras is not only to deter but actually catch the bad actors.  Also if I'm going to record and store locally I may as well go to a fully hard wired camera system which is a little more expensive up front, but it's a one time cost and I can control the storage and no more monthly plan fees or wireless network hacker threats.  This is something I am strongly considering. Also, there is the issue if Wi-Fi jamming which I think has been occurring too, but I won't dive deep into that.  These are serious issues for people who are serious about their home security and they must be addressed.  If we take a hard look around, threats are increasing not decreasing and the bad guys are stupid in many ways, but technology is enabling that stupid.

StephenB
Guru Guru
Guru

@jguerdat wrote:

Well, that increases storage costs which would be passed on to the consumer.

The alternative (which you always recommend yourself) is to never delete anything.  Which of course would cost Arlo the same amount in storage costs as having a trash bin.

DF1970
Aspirant
Aspirant

Apparently you did not read my comments and/or fully comprehend my concern. My concern is with an unauthorized 3rd party, also known as a HACKER, gaining access to (also known as HACKING) my account and deleting recordings.  If someone does this you have absolutely no way to know.  In other words, if I hack your account and start deleting your videos you will never know. Being able to review recently deleted recordings would tell you if someone is deleting videos other than you.  It would not take up that much more space or create that much additional cost. So stop with the enormous additional costs BS.  You sound like an executive bean counter for the company and not someone who is truly concerned about security and improving the quality of the product.

 

The deleted videos server does not need to keep videos for 30 days, maybe 3 or 4 days and then auto delete.  There should NOT be an option to delete videos out of a recently deleted videos menu/server as the HACKER could then delete those as well. Anyone who is remotely concerned with their home security should be reviewing videos daily and can check the recently deleted videos menu as a failsafe. Also include the option to recover/download any video that has been either deleted by a hacker or mistakenly deleted.  Serious issue that needs to be corrected.

StephenB
Guru Guru
Guru

@DF1970 wrote:

Apparently you did not read my comments and/or fully comprehend my concern. My concern is with an unauthorized 3rd party, also known as a HACKER, gaining access to my account and deleting recordings. 


Of course a hacker could also just delete your account altogether.  Or change your password and email. Two-factor authentication is IMO a better defense.

 

In any event, I agree having the ability to undelete recordings would be a good thing. 

 

But if you are saying that Arlo shouldn't allow users to permamently delete a recording before the 30 days are up in order to thwart the hacking threat, then I very much disagree.  Users need to be in control of their data.  So if there is a trash/recycle bin feature added, users need the ability to empty it.

 

 

 

 

DF1970
Aspirant
Aspirant

Okay so then we disagree. But it seems you're attempting to deflect from my stated concern which needs a solution. 

 

Users would be in control of their data. You can still delete your recordings at any time. It really should not be that big of an issue for a user to wait 3 days for a deleted video to auto purge out of a deleted videos menu.  It's not like it's going to hurt anyone.  Unless of course they're trying to hide some thing themselves. 

StephenB
Guru Guru
Guru

@DF1970 wrote:

 But it seems you're attempting to deflect from my stated concern which needs a solution. 


No.  I already pointed out that the usual solution is already in place, which is two-factor authentication.  It is a nuisance, but its purpose is to prevent hackers from being able to access your account in the first place. 

 

And there is a second measure available for the Arlo Pro 3, which requires a hub.  That's to add usb storage to the hub for local storage.  While that storage can be reformatted from the app, there are tools out there that could still be used to recover the local recordings.

 

You obviously think that's not enough; I think it is.  

 

We also disagree on the importance of the threat.  I am more concerned about a hacker using the cameras to monitor me than I am concerned about their ability to delete footage.

 

To be clear - I don't work for Arlo or represent them in any way.  I'm just another user.

jguerdat
Guru Guru
Guru

@StephenB wrote:

@jguerdat wrote:

Well, that increases storage costs which would be passed on to the consumer.

The alternative (which you always recommend yourself) is to never delete anything.  Which of course would cost Arlo the same amount in storage costs as having a trash bin.


Only if the trash bin is the same size as what the plan allows (30 days currently). I suspect more folks would prefer something longer. 

 

Regardless, 30 days is already budgeted for in Arlo costs for storage. I'm not sure costs would remain the same.

DF1970
Aspirant
Aspirant

I'm using a hub and multi-factor authentication. If your account is hacked the videos can be deleted even if storing locally.  Multi-factor authentication is not unhackable or infallible.  It can be breached. Ask anyone in the military or govt. They get hacked all the time and use all kinds of MFA.  A sophisticated hacker will get around it.

 

Sounds like you're using the cameras indoors which does create a concern regarding spying. That's of course not limited to the cameras, but phones, TVs, and other things pose this risk as well.  Even the refrigerators these days. There are some easy solutions regarding that. If at home and don't want them watching just turn the camera off in the app or use a lens cover or both for good measure.  I use them around the perimeter of my house so not as concerned with them spying on me, however I think there is some of that going on.  But I don't really care if someone watches me outside. If that's what gets their jollies off more power to them.  Funny thing is I'm pretty sure I know who the hackers are too.  Been collecting data on that.  

 

Actually I think we do agree on one thing. Users need control of their data. Which means they need a brief window of limited access to deleted videos.  Having access to deleted videos could be one more piece of evidence to use against the baddies

Edinburgh_lad1
Prodigy
Prodigy

It's your responsibility as a user to have a strong password and 2FA. If someone is able to hack into your WiFi/cloud and delete your videos because of your weak security, then it's your problem. I don't know of a CCTV system that has the option to undelete videos. Besides, if you use the SD card storage option on the base station, then you can't delete videos within the app. You'd have to use a PC to do that from what I remember, which in itself is a good way of avoiding accidental deletion. Of course, there is an option within the app to format the SD card but again, if you have weak security in your system, then who's to blame?

DF1970
Aspirant
Aspirant

You assume a bit much. My security is anything but weak. I'm not one to brag about my experience or credentials, but trust me it's extensive.  As I stated previously I'm dealing with a very sophisticated hacker.  So stop assuming things about the level of my network security.  

jguerdat
Guru Guru
Guru

@DF1970 wrote:

I'm using a hub and multi-factor authentication. If your account is hacked the videos can be deleted even if storing locally.


Not true. In order to delete local recordings, the hacker would need to connect into your home network - they're not accessible unless 1) you're at home on your network or 2) you have set up port forwarding or a VPN to access your network as if you were home and the hacker has discovered that and made suitable connections.

DF1970
Aspirant
Aspirant

Yes it is true.  If someone hacks your account, it's safe to assume they may be hacking the network too.  At no point in my comments did I claim the hacker did not access my home network.  Again more assumptions.  In fact, I know they have accessed my home network.  Any sensitive data, I have stored on air-gapped devices so it can't be accessed.  At this point, I am letting my network serve as a honey-net to collect data.  Being able to view a brief window of deleted video data on my cameras would contribute to this.  I'm sure you're familiar with the phrase, "never interfere with an enemy or criminal who is in the middle of destroying themselves".   Let the stupid keep doing stupid unless there's a threat of someone getting hurt.  Unless however,  it's the stupid.  In that case I may not mind watching it happen.  Stupid games win stupid prizes.  So, I am dealing with a very knowledgeable and sophisticated hacker.  But they are a stupid level of sophisticated.  Because let's face it, only stupid people spend their time hacking other people's networks. 

 

Let me provide a little info about hacking wireless networks and any devices connected to them.  You may already know this, but I want to put it out there so it will help others who may have this problem in the future to narrow the scope of possible perpetrators.  In order to hack a wireless network, the hacker must be within range of that wireless network or have planted a device to facilitate this within range of that network. Unless that entity is the government or some other nation state actor.  So if it's a home network it is most likely a neighbor hacking the network.  Various 3 letter agencies and other nation state intelligence services have the capabilities to hack it without being in range with few exceptions.

 

The emergence and availabilty of A.I. which is posing a wide array of threats, is facilitating this particularly at the micro level where there are plenty of nefariously stupid people looking for new ways to do bad things.  Combine that with virtual machines, machine learning, virtual switches, virtual routers, virtual hubs, EoP (Ethernet over Power), PoE (Power over Ethernet) etc. and the potential is there for low level bad actors to do a lot of harm.  And the folks lacking depth of knowledge about these things will not even realize what's happening to them until it's too late.

 

If not familiar with these things, please research particularly about virtual machines (VMs), EoP, PoE, virtual switches and routers.  The potential for bad in the wrong hands is terrifying.  Throw A.I. into the mix and it gets worse.  Someone can hack your home using EoP and a virtual switch and shut your washer, refrigerator even you're AC or heating down.  And it doesn't even have to be a smart appliance.  Imagine that being done in very inclement weather like many are experiencing now.  In a word that's called weaponization.

 

I've offered my recommendation here in this thread for Arlo to improve their product.  But it seems like most things people want to reject a good idea and focus on all the negative reasons and why it can't instead of why and how it can.    So take it or leave it at that folks.  Nothing further to say here. 

 

Be safe and acknowledge the threats.  They're real. 

Discussion stats
  • 13 Replies
  • 2069 Views
  • 0 Likes
  • 4 In Conversation