Arlo|Smart Home Security|Wireless HD Security Cameras

Reply
Discussion stats
  • 9 Replies
  • 7554 Views
  • 0 Likes
  • 4 In Conversation
platron
Star
Star

I've noticed that, while traffic from the netgear base station to the cloud seem to be encrypted, there's quite of a bit of plaintext being sent back.

For example, I see stuff like this:

 

[{"from":"123-1234567_web","to":"MYBASE","transId":"web!b0b0b0!12345678910","action":"set","resource":"subscriptions/123-1234567_web","responseUrl":"","publishResponse":false,"properties":{"devices":["MYBASE"],"url":"https://vzweb05-prod.vz.netgear.com/hmsweb/publish/123-1234567"}}]

where I've changed possibly identifying text to something like 123..., but MYBASE in the original transmission is the actual S/N of my base station.  What is this information used for and why isn't it encrypted?

 

 

 

9 REPLIES 9
TomMac
Guru Guru
Guru

Your right in that the video info needs a 'key' as for the some of the data, it is in plain text ...Ive noticed the same thing... on it's way to / from Amazon servers.

But I really don't worry about that, but more that someone can't tap into the vids to get an inside view of the home/layout ( which is keyed )

--------------------------------------
Morse is faster than texting!
--------------------------------------
platron
Star
Star

At the very least it's bizarre that information uniquely identifying your hardware is available in plaintext, but what concerns me most is the rtsp link that shows up when you begin live streaming.  The link is of the form

 

rtsp://vzwow....netgear.com:443/vzmodule/CAMERAID_123456?ingressToken=HEXSTUFF?cameraId=CAMERAIDso fa

 

So far, I've been unable to play this link from VLC, which is promising, but I haven't tried very hard.  Even if the link is unusable (e.g. the token is single-use and is showing up in the TCP stream only after it was used), I'd still like to know why it was sent at all.

 

platron
Star
Star

So this is interesting...  I ran a few captures today, and it appears that the entire dialog betwen base and netgear/aws is now encrypted  The strange "ingress tokens" and rtsp links are gone, or at least no longer in plaintext.  This is a tremendous improvement.

platron
Star
Star

 

For the record, no.  It would have been nice to get some official resoponse from Netgear on a topic this serious.

_____________

Hello platron,

 

Your topic recently received a reply.

 

Topic: Encryption

Date: 2016-01-19 02:15 PM

Did it solve your problem?

Click here to view the reply and mark one as an Accepted Solution.

This helps others find helpful answers in the community too!

Timmy256
Apprentice
Apprentice

Hi @platron, could you share with me how you are doing the sniffing?

 

I'd like to do the same on  my own setup too. As I've posted before here (Arlo is being Blocked by Privoxy. What server address should I whitelist?), I can't use livestream because Privoxy in my DD-WRT modem is blocking it. I've tried whitelisting .amazonaws.com and .netgear.com without any luck, so I'd really love to know what other address it's trying to access when clicking the livestream in order to try to whitelist it too.

 

Thanks and please let me know also if you already know what other address I should whitelist!


Best

jguerdat
Guru Guru
Guru
Did you ever open a case with support to see what they might be able to suggest?
platron
Star
Star

Wireshark, principally.  If your devices are connected over a modern ethernet switch (as opposed to a hub) or via WPA2 with session-level encryption, then you may also need to use iptables on your router to redirect traffic to wherever you're running wireshark.

Timmy256
Apprentice
Apprentice

No @jguerdat, I didn't actually got to it. I'm pretty sure that they'll tell me (if they reply at all) that I have to troubleshoot which address I'm trying to access first and then allow that to be bypassed. But since it's installed in DD-WRT (an embedded system), I have no easy way to generate logs in my case (I'd have to add JFFS2 storage to a physical unaccesible modem), that's why I'm still trying to figure it out myself.


Thanks for the suggestion, though. I'll certainly submit it after a couple of months, when I get more time, and if I haven't fixed it myself already.

 

Regards.

Timmy256
Apprentice
Apprentice

Thanks for the reply @platron! You were just typing as I was posting my previous message! Smiley Happy

 

Yeah, I've tried with Wireshark and had to install the special drivers, but I didn't have the time to mess with it and the DD-WRT configuration, so I left it there.

 

Would you happen to have it installed or some logs from your previous tests? Could you confirm me if there are other address besides these two that are tryed to be reached when you click on of the "Live" icons on the desktop web UI (not the app):

 

.amazonaws.com
.netgear.com

Thanks!