Arlo|Smart Home Security|Wireless HD Security Cameras

Guest Brightness control is a potential security risk

Reply
Discussion stats
  • 3 Replies
  • 4331 Views
  • 0 Likes
  • 2 In Conversation
rcalver
Aspirant
Aspirant

I gave someone guest access to one of the cameras and recently noticed that it was much darker.  From this to this.  As you can see it's much harder to make out details.  It took me a bit, but I figured out that the brightness level had been turned down to the minimum.  

 

It doesn't appear that the guest did anything suspicious beyond that, but I'm still reluctant about whether I'll let them keep access.  I think I trust him well enough, but would really rather not rely on trust.  

 

Also, that said, guest accounts should be able to be given access to zero devices (currently the save button is greyed out when no device is checked) or the account suspended.  As it stands the only solution is to delete his account completely and then go through the new account process whenever he wants to review videos.  

3 REPLIES 3
JamesC
Community Manager
Community Manager

recalver,

 

These rights can be adjusted by toggling access rights within the Grant Access settings. Take a look here for a list of things that shared users will or will not have access to based on access rights:

 

What privileges do my friends have when I grant them access rights in my Arlo account?

 

JamesC

rcalver
Aspirant
Aspirant

That's just the thing - they don't have access rights.  Yet they have control over the brightness.  

 

Also, that same camera recently had night vision disabled.  I'm the only person with access rights.  So, either there's a problem with the perms of guest accounts or there's a security hole that my guest was able to use to get admin access to the system... either way, something isn't right here.  

JamesC
Community Manager
Community Manager

rcalver,

 

Friends without access rights have the ability to control the camera brightness. Take a look at the list in the article linked above for a list of what users can do with or without access rights.

 

JamesC