Arlo|Smart Home Security|Wireless HD Security Cameras
× Arlo End of Life Policy Notice
To view Arlo’s new End of Life Policy, click here.

Reply
Discussion stats
  • 2 Replies
  • 2927 Views
  • 0 Likes
  • 2 In Conversation
Arlowithdafeds
Aspirant
Aspirant

I purchased an arlo pro system a little over a month ago, after which point I did start to notice some strange happenings with any electronic communication device, be it a computer, mobile phone, etc. I did not associate any of this with the Arlo base station initially. I'm in cyber security and most of the strange happenings didn't seem to coincide with what a bad actor or lone black hat would do, or even be able to do, mostly because most of the strange occurences occured openly.

 

Regardless of that, very recently I just so happened to have downloaded some footage with background speech, and intended to clean the audio up with audacity to hear the recorded speach clearer. One of the initial issues was that this camera is placed overlooking a yard wherein there is a large AC unit that produces significant noise, and at night the sound of crickets is near deafening. Yet one can still fainlty make out the sounds of a conversation.

 

I was shocked then as I cleaned the audio up further, that it seemed to be my voice that was recorded. To make matters more strange (worse) I realized that this was a recording of a specific conversation I had held with a few friends of mine, OUT OF STATE. Yes, in another state, well over a hundred miles away. Save for the Arlo app on my smartphone, the device should have no connection to me, or my conversation. Essentially, this audio was layered over the droning of the AC and crickets, as if those noises were used conveniently to mask the recording's presence. I realize this seems utterly bizzarre, as why would a government or state-level agency with a subpoena could have easily petitioned my ISP and/or phone service provider to perform a tap. The same day as this recording I also noted that the "Textfree" app on my phone (while out of state) was detected using the mic in the background without permission. This doesn't necessarily mean it was recording, but I believe that to be pretty likely.

 

As I understand it, the arlo base stations do not retain any data themselves for storage, they simply route it to the "cloud." So, it appears as though the arlo base station, connnected to my router/modem was used as a waystation for any number of these recordings, and for whatever purpose. It's strange that they remained stored, as they were manual recordings I do not believe I initiatied in the first place. It's strange, because again, there are easier ways to monitor and record someone without the need to use an arlo product. A simple speaker connected to a laptop can be inverted remotely and used as a recording device. And, of course, the audio wasn't actually recorded by the arlo, it had to have been absolutely recorded from my mobile device, then sent for storage to the arlo cloud, layering a video with nothing but environmental noise with this conversation's content.

 

I have spoken to the Arlo tech people in India and they actually act either very confused, or very suspicious. I'm curious as to just what is going on, and why. I don't expect there to be any cause that I have any attention from any law enforcement agency, but again, even if I had, the route and methodology employed to garner these recordings (yes, there are several I'm sure) was very unorthadox. Also, I might mention that as I made this discovery and logged into the Arlo portal, I was alerted that my base station was off. It also reset itself frantically.

 

So, thoughts, opinions, ideas?

2 REPLIES 2
TomMac
Guru Guru
Guru

If anything, I would suspect the phone only... Would do a full wipe of the phone to eliminate any possible malware.

There are many ways to get malware items on your phone. ( personnally don't think its from Arlo as any item/app can get infected if the underlying phone is already ) And there are many easier ways.

 

The govt would just access the phone directly from the telco switches ( as I use to do under court order )

--------------------------------------
Morse is faster than texting!
--------------------------------------
Arlowithdafeds
Aspirant
Aspirant

Which is why I said I didn't suspect it was the government. I would agree with you that Arlo had nothing to do with it except for the trove of information I now have based off of their domain host, "iyazy6697", and all of the wonderful things I found about that handle, and a shell company I suspect he's connected to (for which he has specialized in numerous large scale CCTV and Security Camera projects, etc). Either he works or is in one way or another associated with Arlo, or it's a massive coincidence that their entire customer service and other operations appear to be ran out of India.

 

I may be preparing a lawsuit promptly if at all possible, among other things. Like perhaps reporting to the US gov. I'd suggest other users investigate their recorded videos, especially if on a subscription. You can search "Iyazy" and anything tech related (advanced search) in quotes to reveal the handle and its different associations. I actually haven't started digging too deeply but it's becoming pretty clear to me. I had also noticed (using cports) that the domain was opening and using ports, unknown system processes, etc. during my phone call with them. I only connected the two because weeks ago in the midst of other issues I kept noticing another iyaz-related domain accessing browser information. I didn't think much of it until now. Iyazy is most likely hindee (Indian), and the particular shell company I refer to is Arabic, yet has done substantial work for Indian government.

 

Sounds pretty absurd and conspiratorial, but I will garner additional information as time permits.