At the very least it's bizarre that information uniquely identifying your hardware is available in plaintext, but what concerns me most is the rtsp link that shows up when you begin live streaming.  The link is of the form

rtsp://vzwow....netgear.com:443/vzmodule/CAMERAID_123456?ingressToken=HEXSTUFF?cameraId=CAMERAIDso fa

So far, I've been unable to play this link from VLC, which is promising, but I haven't tried very hard.  Even if the link is unusable (e.g. the token is single-use and is showing up in the TCP stream only after it was used), I'd still like to know why it was sent at all.

So this is interesting...  I ran a few captures today, and it appears that the entire dialog betwen base and netgear/aws is now encrypted  The strange "ingress tokens" and rtsp links are gone, or at least no longer in plaintext.  This is a tremendous improvement.

For the record, no.  It would have been nice to get some official resoponse from Netgear on a topic this serious.

_____________

Hello platron,

Your topic recently received a reply.

Topic: Encryption

Date: 2016-01-19 02:15 PM

Did it solve your problem?

Click here to view the reply and mark one as an Accepted Solution.

This helps others find helpful answers in the community too!

Hi @platron, could you share with me how you are doing the sniffing?

I'd like to do the same on  my own setup too. As I've posted before here (Arlo is being Blocked by Privoxy. What server address should I whitelist?), I can't use livestream because Privoxy in my DD-WRT modem is blocking it. I've tried whitelisting .amazonaws.com and .netgear.com without any luck, so I'd really love to know what other address it's trying to access when clicking the livestream in order to try to whitelist it too.

Thanks and please let me know also if you already know what other address I should whitelist!

Best

Wireshark, principally.  If your devices are connected over a modern ethernet switch (as opposed to a hub) or via WPA2 with session-level encryption, then you may also need to use iptables on your router to redirect traffic to wherever you're running wireshark.

No @jguerdat, I didn't actually got to it. I'm pretty sure that they'll tell me (if they reply at all) that I have to troubleshoot which address I'm trying to access first and then allow that to be bypassed. But since it's installed in DD-WRT (an embedded system), I have no easy way to generate logs in my case (I'd have to add JFFS2 storage to a physical unaccesible modem), that's why I'm still trying to figure it out myself.

Thanks for the suggestion, though. I'll certainly submit it after a couple of months, when I get more time, and if I haven't fixed it myself already.

Regards.

Thanks for the reply @platron! You were just typing as I was posting my previous message! 

Yeah, I've tried with Wireshark and had to install the special drivers, but I didn't have the time to mess with it and the DD-WRT configuration, so I left it there.

Would you happen to have it installed or some logs from your previous tests? Could you confirm me if there are other address besides these two that are tryed to be reached when you click on of the "Live" icons on the desktop web UI (not the app):

.amazonaws.com
.netgear.com

Thanks!