Arlo|Smart Home Security|Wireless HD Security Cameras
Max_82
Star
Hey, I thought Arlos were secure but I got that message. I was not signed or logged in from another device nor do other users have permission.

I'm concerned because I am not getting many motion detection alerts even when I know for a fact my pet is moving within range. Fresh batteries.

Also, why aren't registered Arlo owners being automatically sent emails about security updates? Just read that Arlo Wirefree base units need to be updated to avoid a very bad hacking vulnerability and in order to do this you have to do a hard core default reset!!!

Anything I should know about the app being vulnerable????

This is concerning!!!!
45 REPLIES
jguerdat
Guru
Try power cycling the base and open and close the battery doors.
manfredz
Hero

Although theoretically possible, it's very unlikely that someone hacked into your cam. If someone were interested in you, much more likely they hacked into your computer, installed a keystroke logger and gained access that way.

For 99.99% of us, hackers have much more interesting targets. Sorry to burst a few bubbles but we're just not interesting.

silanah
Apprentice

This happened to me last week. I sent the following email to two addresses - the arlo@netgear.com one that is in the email they send you and say to email that address if there is a problem, plus another security related address I found on the web site. I did not even get the courtesy of any reply.

 

My email to the Netgear addresses is below.  I have yet to receive any response nearly a week later.  I turned the cameras back on yesterday but am leaving them disarmed and/or off most of the time unless I leave the premises. 

 

I *do* wonder if Netgear Arlo accounts have been compromised. I do not record passwords anywhere nor use a password app. I do complete scans on my computers with all clear of malware and virus.

 

So my suggestion is... if you THINK someone may have control of your cameras, disarm and turn them off in the app or web interface, change your password immediately.  Unplug and reset everything.

 

And ignore when someone says 'who would be interested' - there are enough weird people out there that you need to react as if your account has been compromised until it is proven otherwise.

 

Finally, sadly, don't expect a response from Netgear to anything marked URGENT.

 

--------------------------------------------------

Hi Netgear Arlo Support,

I have an URGENT security concern regarding my Netgear Arlo account.

At 7:25 AM this morning I received your email acknowledging a password change for my account. Yes, I did change the password but I am writing to you as the reason I had to change it may be cause for concern for other Netgear Arlo customers besides myself.

WHAT HAPPENED:

I was logged into my account (account info provided) early this morning via the app on my old ipad2 when I got a notification in the app that I had just been logged out as I had logged in to my account from another device. This happened at 7:17 AM, Perth, Western Australia time.   I was shocked as this is not the message I get if my network links drop out or any other reason except I really have logged in from another device - I know as I used two devices when I set things up for my newer cameras as everything else I own is Windows 10 based except for the old otherwise unused ipad2.

NO ONE else has access to any of my other devices and I was aware this morning of where each and every other device was (all in my home and nearby possession).

So I logged back in to my account via the app on the ipad2 almost immediately thinking it was some type of glitch on your server side.

Within a few minutes, at 7:21 AM, I was logged out again with the same app notification that I was logged out because I had logged in via another device.

Now, at that point, I became both surprised AND very concerned. 

So I logged back in immediately and (1) turned all my cameras OFF and then (2) changed the password on my account. I then logged out and closed the app.

Not only do I know where all my devices were at those exact times (and still are right now), but there is also no one else that could know the account password and it is not a password ever used elsewhere or easily guessed by someone else. Literally no one else could have it in the time since the Arlo account has been activated, unless the account information was hacked.

QUESTIONS:

  • How secure is Arlo account information?
  1. Has Netgear experienced any intrusions into their corporate systems? Have your systems been 'shanghaied' (amazing the old term has been given new meaning in this era of Chinese hacking to gain commercial advantage)? 
  2. Has your Cloud provider experienced any intrusions?
  3. What about your foreign-based support staff?  Are they employees or contracted? Can they access & sell account information or access out of boredom?
  4. ARE YOU SURE ALL OF ABOVE HAVE NOT BEEN HACKED? Or that someone inside is selling information?
  • In your systems, can you 'see' the events I am talking about in your logs?
    • Can you tell me the MAC address of the device that generated the log-outs at 7:17 AM and 7:21 AM  (Perth, Western Australia time)?
    • Can you determine the IP it was done from?
    • Were there ANY attempts to log in with the old password after I turned off the cameras and changed the password at 7:25 AM this morning?
    • Has there been ANY access with the new password since that time?  If so, when and where from (device and IP)?


SUGGESTION:

  • A customer accessible log of all account accesses showing device and IP address or geolocation information - perhaps on a rolling 7-day basis to match the cloud storage regime.


Please respond as soon as possible even if you can't provide all of the above immediately!  I am very concerned and I am leaving the cameras 'OFF' and not accessing the account again until I get a response from you.
       

manfredz
Hero

At the bottom of each forum page there are various ways of contacting support.

When I had issues setting my Arlo up I used the email support from within my account, and when with L1 support it would take them about 2 days to reply, but that advanced to usually same day once I advanced to L2 support.

GamerHonu
Star

silanah wrote:


SUGGESTION:

  • A customer accessible log of all account accesses showing device and IP address or geolocation information - perhaps on a rolling 7-day basis to match the cloud storage regime.

 


This needs to happen immediately in my humble opinion. Gmail or Facebook will allow me to see connected devices & IPs, Arlo needs this feature pronto.

manfredz
Hero

Such a log would be seen as an unnecessary invasion of privacy by others, myself included, if they started tracking and storing such info.

styledata
Star

I think the idea of a log of IPs is GREAT! Yahoo Mail has this, and guess what? Every time you go through a 2-window fast food restaurant they take a picture of your car so they know who you are when you get to the window.

GamerHonu
Star

manfredz wrote:

Such a log would be seen as an unnecessary invasion of privacy by others, myself included, if they started tracking and storing such info.


If it's stored in the same way that all of your existing captures are stored then there is no difference in privacy concerns. Further, Netgear themselves are already storing each and every IP hitting Arlo...

silanah
Apprentice

If you think an Account Access Log is a good idea then go to the Idea Exchange and click on the 'Kudo' icon. Netgear tracks this info anyway, the Log would give the account owner the ability to see access information from the web interface or app.

 

https://community.netgear.com/t5/Arlo-Idea-Exchange/Account-Access-Log-accessible-via-the-web-interf...

 

 

Thanks.

cnjmorris
Tutor

Why can't I log in on more than 1 device without being kicked? What if my wife and I both want to check on kids? Is there no way to stay logged in on my monitor in my room and still have access via phone app when I step out?

I do foster care for troubled youth and these cameras need to hold people accountable and safe... so why are you logging me out when I want to stay logged in?

jguerdat
Guru

It's a security thing.  Use Settings, Grant Access to add friends' email addresses so they can create an account to be able to monitor things. Add the extra privileges as needed.  This isn't quite the same thing as using the master account but works for most things and won't log others out.

Hammer2016
Initiate

Same thing happened to us today, and this was the 2nd time in 6 months. I got kicked out even though I am sure that we didn't log in from other tabs or devices.

I was about to get more Arlos as our first one worked pretty well, but now I am seriously considering Nest.

 

NetGear should enforce more on its securities, at least start with the ip list. 

 

 

JamesC
Community Manager

Hammer2016,

 

Do you use more than one device to view your Arlo cameras? Are these mobile devices or do you also use the web client on a computer?

 

JamesC

Bama1
Aspirant

Arlo only allows you to log in with a single device at a time whether PC or mobile. If viewing on one device and another device logs on, the first device will be kicked off.

Hammer2016
Initiate

Hi guys, thanks for checking.

 

My wife and I do kick each other out sometimes. But for those two times I mentioned above, it was not us.

 

It would be great to have an ip list or sign in record implemented for customers.

DoctorD
Initiate

This just happened to me too. I was only on one device. And, just yesterday I upgraded my network security and changed all passwords, moved my base station closer to cameras and brought them all back online.  This is particularly concerning because certain locations will not pick up motion and record (the side of the property next to the person who has stolen from me in the past). It's not the cameras either because I've rotated them and they work fine in other areas. Plus, when I was troubleshooting these issues with my network my provider they reset from their end all of a sudden those locations  started to pick up motion and record like they should. But then it stopped shortly afterward, hence the upgrade. The other thing is the timing of when my cameras go offline in these locations is very suspect given they only seem to go offline when there is verifiable activity from this neighbor. 

JessP
Initiate

I just received this same message, for the third time.  Like others, I was not logged into multiple devices at the time. 

 

What was really strange was when I was booted out this last time, the message showed at the top of my iPhone, as it did previously, but in Chinese!

 

I've changed my password, but have to ask like everyone else:  Arlo, what is going on?!!

jguerdat
Guru

I see this on very infrequent occasions and have no explanation. I just log in and all is well. I tend to think it's a server issue, not someone hacking your account.

Sross20047
Initiate

So it's twofold. Why can't we use the USB storage? Seems pointless to have if they aren't usable. And second, why can't we be logged in, at home on our mobile and PC?

 

Dropcam this was not an issue.

jguerdat
Guru

You can't use the USB because nothing was ever said that it would be available nor that the ports were usable off the bat. Get a Pro base and no more issue.

 

Use Settings, Grant access to add another account.  No issues with multiple logins then.

Sross20047
Initiate

I just found it odd that it gave me directions on how to use the USB in the set up, but non-functional as stated. Only usable in the Pro. I would have bought the Pro instead... who knew...

And I did set up another user so I could use both at home. Just kinda weird to have to do a workaround when you're the same user.