Arlo|Smart Home Security|Wireless HD Security Cameras
× Arlo End of Life Policy Notice
To view Arlo’s new End of Life Policy, click here.
Arlo Community

Pro 2 was hacked? Have 2FA setup already.

Reply
Discussion stats
  • 6 Replies
  • ‎2021-03-31 05:34 PM
  • 1573 Views
  • 0 Likes
  • 3 In Conversation
UpsetUser13
Aspirant
Aspirant
‎2021-03-31 05:34 PM
My Arlo Pro 2's were hacked 2 days in a row. On the first day, someone started moaning and screaming through the two cameras inside my house. On the second day they said "I really like your dogs.". They also triggered the Alarm system both days.
 
I have 2FA set up, and even if I log in on my personal computer I have to give permission for the login to occur. I'm beyond frustrated and freaked out, and ARLO does not keep a log of logins from devices and told me to just "change account email/password" when I called them for support.
Labels:
0 Likes
Reply
Message 1 of 7
1,573
6 REPLIES 6
jguerdat
Guru Guru
Guru
‎2021-04-01 06:12 AM

I don't really think you were hacked but if you're convinced, remove all devices from Settings, My Devices and start fresh, perhaps with a new account using a second email address. Before doing this note all settings, modes, rules, etc. to speed the rebuild.

0 Likes
Reply
Message 2 of 7
1,542
StephenB
Guru Guru
Guru
‎2021-04-01 06:25 AM
@jguerdat wrote:

I don't really think you were hacked 

It doesn't sound like it to me either.  It sounds to me like someone was actually close enough to the cameras to trigger them.

 

Are you using audio alarms?  Or only the video ones?  If audio alarms are enabled, someone outdoors could potentially trigger an alarm (just by being loud enough).

0 Likes
Reply
Message 3 of 7
1,538
UpsetUser13
Aspirant
Aspirant
‎2021-04-06 06:27 AM

My homebase is not audio enabled, so no sound would have been able to trigger the alarm. 

 

Also, to clarify, this is not me "hearing" someone yelling through the camera and me hearing it through the app - this is the camera being remotely controlled (as if through the App), and someone speaking to me through my own cameras just as if I was using the App to talk through the cameras.  These cameras are located in my house, and someone was telling me they love my dogs THROUGH my own cameras....

 

This indicates to me that they can: 
A) See through the camera to know that I HAVE dogs.

B) Speak THROUGH my cameras just like I can through the app interface.

 

What leads you to believe this was not a hack?  I'd like to understand as much as I can about this scenario so that I can defend against it moving forward.

 

 

0 Likes
Reply
Message 4 of 7
1,483
StephenB
Guru Guru
Guru
‎2021-04-07 03:40 AM
@UpsetUser13 wrote:

this is not me "hearing" someone yelling through the camera and me hearing it through the app - this is the camera being remotely controlled (as if through the App), and someone speaking to me through my own cameras just as if I was using the App to talk through the cameras. 

 

Thanks, that does clarify the situation - and does sound like a hack.  Take a look at the 2FA settings, and see if there are any trusted devices that you don't recognize.  Also look at the friend access, since that would bypass 2FA.

 

If nothing is wrong there, and changing the arlo password doesn't help:  That suggests that something else has been hacked, and that your arlo password is being picked up from that device.  For instance, if you use chrome with sync, it could be your google account.  It could also be that a PC or mobile device has been hacked.  So in this case I recommend running a malware scan on any PCs and changing other passwords.  

0 Likes
Reply
Message 5 of 7
1,463
UpsetUser13
Aspirant
Aspirant
‎2021-04-10 08:44 AM

Thank you for confirming.  The only trusted device was my wife's phone, and she also received no 2FA notifications.  We don't permit access to any friends, so we're the only two it could have been.

 

What I find so strange about this is that even if I log in from my personal Laptop - it prompts me on my phone to 2FA verify the login.....  

 

I've recently updated all of my accounts and passwords and disabled them from being stored in Google.  I've also done the recommended Malware scans and have tightened up my security in any way possible.  Trust me, this was a crash course on Network Security so I've been trying to do everything I can to protect against it in the future.

 

Thank you for your help.

0 Likes
Reply
Message 6 of 7
1,425
StephenB
Guru Guru
Guru
‎2021-04-11 04:38 AM
@UpsetUser13 wrote:

Thank you for confirming.  The only trusted device was my wife's phone, and she also received no 2FA notifications.  We don't permit access to any friends, so we're the only two it could have been.

 

What I find so strange about this is that even if I log in from my personal Laptop - it prompts me on my phone to 2FA verify the login.....  

 

So 2FA is working as designed.  Did you also double-check that there is no "friend" access?  (I understand you didn't set that up, but if someone did have access via the main account, it's an obvious back door).

0 Likes
Reply
Message 7 of 7
1,395
Related Labels
Discussion stats
  • 6 Replies
  • ‎2021-03-31 05:34 PM
  • 1574 Views
  • 0 Likes
  • 3 In Conversation

Arlo
Support

Visit our support page for answers from simple setup to security optimization. Search for something specific or select a product or category for helpful articles and videos.

Visit Arlo Support

Arlo App
for Support

For personalized support specific to the Arlo products you own, access Support from within the Arlo iOS or Android App. Simply login to your Arlo App, go to Settings, Support, then select the Arlo product you would like support for.