Jordan O'BrienArlo security cameras are designed to keep users safe and, thanks to their portable design, can go just about anywhere within or outside of a user’s home. Installers will need to be wary of installing the cameras in private areas of a person’s home, however, after two major security flaws were identified.
Tenable, a security research firm, identified two high-severity vulnerabilities that could possibly have allowed an attacker access to an Arlo system. The bugs were initially picked up back in March, but Arlo has just disclosed the issue to users through a security advisory.
The security vulnerabilities impacted the Arlo Base Station models VMB3010, VMB4000, VM3500, VMB4500 and VMB5000, and focused on two areas. One is caused by a network misconfiguration, and the other is caused by insufficient UART protection mechanisms.
How serious were the bugs? Well, according to the security advisory, “If someone has physical access to an Arlo base station, they can connect to the UART port using a serial connection. After making the connection, an attacker can gain access to sensitive information.”
So, what do you need to do to ensure your client’s home security system is secure? Well, according to Arlo, there’s nothing that you should need to do. Both issues have been patched via a software update, and due to the nature of the Arlo Base Station, all devices should have already been automatically updated.
This isn’t the first time Arlo has had to issue a security advisory, with the firm previously warning users against using the default Wi-Fi password for Arlo base stations, Arlo Q and Arlo Q Plus cameras. The firm also identified vulnerabilities with WPA-2 on some of its cameras, although both flaws have since been rectified.