Arlo
Support

kongee · ‎2016-10-28

Chat Conversation Start

176K people like this

Electronics

12:53PM

I've had my Arlo system for a few months and love it. I love the sleek look and the wireless capability.
Since last week, I've turned off the system because I got concern that someone gain access to my cameras (that someone is not someone I know). I don't believe my account is hacked as my password is complex. The only people that logs into the system is my wife and I. What happen was late one night, when I was caring for my sick kid in their room I notice the camera was active (the red lights for night mode). I asked my wife if it was her but she said no (she was sleeping). I quickly turn the camera around, facing the wall.
That just gave me the chills! I was thinking that someone was looking/spying at my kids since I dont know when!
The next morning, I googled and notice a vulnerbility with the system. It looks like more than one account can be activated with the base, meaning if someone knows my serial they can register and gain access to view all the cameras linked to the base.
Here is a thread:
https://www.reddit.com/r/privacy/comments/4ortwb/i_bought_and_returned_a_set_of_wifi_connected/?st=i...

I believe what needs to be done is to restrict account creation to one base. No one base can be use to register with multiple accounts.
Has the vulnerbility been remediated?
Please help as I don't know what to do. I spent $500+ on these cameras and I do not want to throw them away!
Regards,

/

jguerdat · ‎2016-10-28

Anything is possible but unlikely. Did you happen to have the camera turned off by using the On/Off switch in Settings, My Devices, your camera? There was a bug that should now be fixed that allowed the camera to detect motion and turn the IR illuminators on but no recording. What firmware is in the camera?

kongee · ‎2016-10-28

I did not turn the camera off using the On/Off switch in Settings, Devices, your camera.

The camera has firmware version 1.2.7730.

Can you let me know if its possible to have multiple accounts linked to one base?

TomMac · ‎2016-10-29

kongee wrote:

Can you let me know if its possible to have multiple accounts linked to one base?

Not to my knowledge... a user even gets bumped offline if another signs in from a different device ( like on PC and log in with android )

--------------------------------------
Morse is faster than texting!
--------------------------------------

JamesC · ‎2016-10-31

kongee,

The reddit thread you linked above is an old issue that has since been resolved through firmware updates.

If a base station is claimed and active on an account, it cannot be added to any other account until it is removed/factory reset.

Was your camera armed at the time you noticed the IR LEDs? If so, this just indicates that the camera sensed motion and was recording.

If you have any reason to believe someone else may be accessing your account without your permission, we strongly encourage you to change your password.

JamesC

kongee · ‎2016-11-04

"Was your camera armed at the time you noticed the IR LEDs? If so, this just indicates that the camera sensed motion and was recording."

My cameras are not set to arm or record on motion or time. It is just on standby and used to check up on my kids at night time.

Thats the thing im trying to understand. The IR LEDS should only come on, if I log into my Arlo account and view that camera. That is what creeped me out.

My password is pretty strong and complex but I will change it.

Is there an account lockout policy?

Setting up multiple accounts with the same base vulnerability?

Arlo
Support

Arlo App
for Support

Setting up multiple accounts with the same base vulnerability?

Arlo Support

Arlo App for Support

Arlo
Support

Arlo App
for Support