This topic has been closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Camers hacked after the recomended password change.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Arlo
Please be advised that following your security notice re: Arlo Security Cameras, change password; I immediately did as instructed and changed my password to a 15 character random, upper lower case, including allowed special charters, password.
Last night (5th June 2018) at approximately 2am (eastern Australian time) somebody was speaking over the voice intercom on one of my cameras, which would indicate that somebody has remote access to the cameras despite the password change.
I have changed the password again and this time rebooted the Arlo bas station however I find it VERY disturbing that access to the cameras might be compromised by a third party, could you look into this matter with the utmost urgency.
- Related Labels:
-
Online and Mobile Apps
-
Service and Storage
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Given this information and based on other disturbing security issues lately I request that Arlo gives users a view to the last logins information as well as implement MFA asap.
I have a feeling that the full severity of the latest security breach(es) is not reveled by Arlo because that would ruin the business.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Obviously more to it than just a pasword issue 😞 - it is a pretty creepy experience to wake up to some random person talking over what is suposed to be a secure intercom.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Password change does not help if hackers have linked your account to OAuth service. As customers we also need a view to linked OAuth services.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If, as you say, an OAuth hack is the reason that I had/have someone accessing my cameras - and after investigating it seems like a plausible hypothesis - then is it reasonable to assume that despite password changes, ALL Arlo users are exposed and there is nothing they can do to stop it apart from disable the cameras!
Dear Netgear
According to the new Australian Mandatory Data breach legislation, Netger is required to inform Australian users of the following information.
- the kinds of personal information involved in the breach
- a description of the data breach
- recommendations for what steps you can take in response
If this is an attack on the Arlo/Netgear system that cannot be rectified by users changing their passwords, then Netgerar has a legal obligation to inform its users that their cameras are potentially subject to unauthorised access by malicious third parties.
What measures is Netgear taking to inform users of the extent and nature of the security breach? Obviously telling users it was a "brute force attack" and to change their passwords is not sufficient information i.e. If this is an OAuth hack the obviously the only "recommendations for what steps you can take in response" are to tell users to turn off their cameras.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It happened again last night: 12:45 am and someone was talking on one of my cameras! I've had to turn off the base station so the cameras, at this time, are a useless (expensive) collection of junk.
How do I stop this happening Arlo? What is going on that some third party has access to my cameras and presumably my personal details in my profile?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We received no such notice. Could it have been a phishing attempt and they acquired the password that way?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree this really should be done (increased security) but as I stated in a previous post, this sounds more like a phishing attempt if you clicked a link through an email. No such password request here in the States. NEVER just click a link for a password change like this. Go directly to Arlo's site in a fresh browser and change it there.
Was this a specific thing for Australian customers?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
JM2C.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this was my thought as well -- you probably got phished.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No reply from the company after this breach?!
Now Nest has the same breach.
I want a response from the company ASAP.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah, I gotcha.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don’t know if the specifics of the individual which started this thread, however; I do have insight in the similar realm.
I’ve had my arlo 2 Pro 5 camera system for about 5 days. I just picked it up from Costco and have been placing the cameras around my property.
I left one camera that I had synced on a shelf before I left for work today. My wife called me in a panic after she had been at home with our children for around 2-3 hours.
The camera VERY CLEARLY recorded someone other than myself speaking through it to my wife and children. They shouted something to the effect of, “HEY!”. One of my children even asked my wife who was talking.
Your phishing theory falls flat for two reasons:
1) I’ve set the account up through the arlo app. There have been no requests for password resets nor have I changed the password.
2) The password I set is one of the strong passwords safari will auto generate when requested. There is zero chance this password was brute forced or intercepted upon implementation.
If someone from Netgear would like a copy of the videos, I have them saved and they are still in my Netgear Cloud.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'll concede a bit on that if you tell me you're using a quality router & security software and not just your internet provider's equipment to connect through. The phishing and poor security are the two biggest ways creeps get in. If you have a secure network there should be NO way for this to happen.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What everyone has failed to accept as a possibility is that the authentication to your Arlo system(s) is being obtained through keylogger software on your client machines (desktop/laptops or mobile devices). It's quite conceivable that when you change your password your activity is being monitored and logged due to poor client security, having nothing to do with Arlo system security.
Regards,
The Wraith
-
Android App
2 -
Applications mobile et en ligne
1 -
Batteries
1 -
Before You Buy
10 -
Détection de mouvements
1 -
Features
10 -
Firmware Release Notes
1 -
Geo-Fencing
89 -
IFTTT (If This Then That)
13 -
Installation
14 -
iOS App
2 -
Modes and Rules
909 -
Motion Detection
69 -
Online and Mobile Apps
1,268 -
Online Web
3 -
Service and Storage
51 -
Surveillance
1 -
Troubleshooting
89 -
Videos
3
- « Previous
- Next »