Netgear’s Arlo Pro security cameras: Better than before but pricey

This article is the latest installment in my smart home series. A natural addition to any smart home would be to use security cameras to monitor your entry points. I tested the latest Netgear Arlo cameras, including the Arlo Pro and the Arlo Go. Overall, my review is mixed.   

Netgear has had its Arlo line for several years. What is new with these two units is the rechargeable batteries, so you don’t spend a small fortune on replacing the ones in the cameras. The design goal with Arlo is that you can run them completely cable-free, so you can place them optimally without regard to wiring. By that they mean that you don’t have to run any wires to them, either for power or network connectivity.

But there are two different battery sizes for the Pro and the Go models. Go includes a slightly larger unit that comes with its own stand. Pro has a smaller magnetic attachment device to be mounted on the wall.Either Pro or Go batteries can be recharged outside the camera with an optional $60 charging dock, which is included in some of the multiple-camera kits.  

The older Arlo models used ordinary batteries that drained quickly. These newer models use rechargeable ones that last a couple of weeks, depending on usage, and connect via Wi-Fi networks (in the case of the Pro) or Go has its own AT&T SIM card. That means the Go can be placed anywhere that has a cell signal, and if you don’t have any indoor Wifi. You can see the signal strength on its web portal page. This is great for a remote cabin the woods, as long as it isn’t too far afield from a cell tower.

Both of the newer cameras can record ambient audio and can see a 130 degree video view in HD quality, along with night vision rather at 850 nm that can see things up to 25 feet away. You can also control a 8x zoom lens in real time. The original Arlo cameras has a 110 degree view and no audio capabilities.  

Camera setup is very simple. You connect the controller to your wired network, download the smartphone app, and press the button on the controller and then on each camera for it to be recognized by the system. You need to create a login ID with the web service. One ID per system only. Once you have setup the cameras with this login, you can use the smartphone app outside of your home network.

You can only be logged in at one location: either via the smartphone app or the web portal. This is a security feature. The web and smartphone app controls are almost the same, with the exception of geo-fencing mode that is available on the phone app only.

The cameras have four different detection modes: armed, schedule, geo, and disarmed. The schedule mode allows you to turn off the detection during the weekend or when motion sensing would kick off too many alerts. You can also set up your own custom rules for all the cameras connected to your hub or for particular Go cameras.

You can set various thresholds — for motion (the claim is 23 feet from the camera) or sound detection. Then the cameras record the next ten seconds. When you purchase the camera, you get a free week’s worth of video storage in the cloud, after that you have to purchase a storage plan if you want to keep the videos for any length of time. (You can access your video library easily at any time, shown here.) You can download these videos as MP4s, and also share them with Netgear. If you use the Pro models, they attach to a local controller, which has two USB slots where you can fit a USB thumb drive for local storage. The Go units have a microSD slot where you can store your video recordings.

The biggest new feature of the Pro/Go cameras is audio, and it is two-way so you can get an alert via email and then talk remotely to someone who has stopped by your lake house and knocked on your door when you aren’t home as an example. You can also set off a very loud alarm remotely if you see something amiss.

The Arlo setup comes with a free basic subscription plan. This covers up to five cameras and up to seven days of 1 GB of cloud storage for your recordings. There are a variety of paid consumer and business plans that up the level and duration of storage and the number of cameras per account, these start at $100/year per account. The cameras retail for $950 in a kit that includes six Pro cameras, several wall mount options, power chargers and a base station. A single camera system is $250. The Go camera on the Verizon cellular network retails for $350, plus $85 a month, provided you sign a two-year contract.

If you have an older Arlo setup, it probably isn’t worth it to upgrade to Pro or Go collection. If you are looking for a smart home webcam, you can certainly find cheaper models that will require some wiring, or use ordinary batteries. It might be worthwhile to have a single Arlo Pro or a Go in the case of the remote cabin without any Internet connection. If you don’t mind replacing batteries and don’t need the two-way audio, you should stick with the older Arlo models.

Advertisements

Is iOS more secure than Android?

I was giving a speech last week, talking about mobile device security, and one member of my audience asked me this question. I gave the typical IT answer, “it depends,” and then realized I needed a little bit more of an explanation. Hence this post.

Yes, in general, Android is less secure than All The iThings, but there are circumstances where Apple has its issues too. A recent article in ITworld lays out the specifics. There are six major points to evaluate:

  1. How old is your device’s OS? The problem with both worlds is when their owners stick with older OS versions and don’t upgrade. As vulnerabilities are discovered, Google and Apple come out with updates and patches — the trick is in actually installing them. Let’s look at the behavior of users between the two worlds: The most up-to-date Android version, Nougat, has less than 1% market share. On the other hand, more than 90% of iOS users have moved to iOS v10. Now, maybe in your household or corporation you have different profiles. But as long as you use the most recent OS and keep it updated, right now both are pretty solid.
  2. Who are the hackers targeting for their malware? Security researchers have seen a notable increase in malware targeting all mobile devices lately (see the timeline above), but it seems there are more Android-based exploits. It is hard to really say, because there isn’t any consistent way to count. And a new effort into targeting CEO “whale” phishing attacks or specific companies for infection isn’t really helping: if a criminal is trying to worm their way into your company, all the statistics and trends in the universe don’t really matter. I’ve seen reports of infections that “only” resulted in a few dozen devices being compromised, yet because they were all from one enterprise, the business impact was huge.
  3. Where do the infected apps come from? Historically, Google Play certainly has seen more infected apps than the iTunes Store. Some of these Android apps (such as Judy and FalseGuide) have infected millions of devices. Apple has had its share of troubled apps, but typically they are more quickly discovered and removed from circulation.
  4. Doesn’t Apple do a better job of screening their apps? That used to be the case, but isn’t any longer and the two companies are at parity now. Google has the Protect service that automatically scans your device to detect malware, for example. Still, all it takes is one bad app and your network security is toast.
  5. Who else uses your phone? If you share your phone with your kids and they download their own apps, well, you know where I am going here. The best strategy is not to let your kids download anything to your corporate devices. Or even your personal ones.
  6. What about my MDM, should’t that protect me from malicious apps? Well, having a corporate mobile device management solution is better than not having one. These kinds of tools can implement app whitelisting and segregating work and personal apps and data. But an MDM won’t handle all security issues, such as preventing someone from using your phone to escalate privileges, detecting data exfiltrations and running a botnet from inside your corporate network. Again, a single phished email and your phone can become compromised.

Is Android or iOS inherently more secure? As you can see, it really depends. Yes, you can construct corner cases where one or the other poses more of a threat. Just remember, security is a journey, not a destination.

CSOonline: Review of Check Point’s SandBlast Mobile — simplifies mobile security

There is a new category of startups — like Lookout Security, NowSecure, and Skycure — who have begun to provide defense in depth for mobiles. Another player in this space is Check Point Software, which has rebranded its Mobile Threat Protection product as SandBlast Mobile. I took a closer look at this product and found that it fits in between mobile device managers and security event log analyzers. It makes it easier to manage the overall security footprint of your entire mobile device fleet. While I had a few issues with its use, overall it is a solid protective product.

You can read my review in CSOonline here.

Securing the smart home, a guide to my reviews series

I began a series of reviews for Network World on securing the smart home. These three articles were published earlier this year:

Since then, I have written additional stories, but before I introduce those I want to take a step back and review the decision process that I would recommend in terms of what gear you should buy and at what point during your smarter home networking automation journey. And let’s also take a moment and review the decisions that you have made so far on hubs and wireless access points and how these decisions can influence what you buy next.

While there is no typical decision process for this gear, here are a series of five questions that you should have begun thinking about:

  1. Do you already own a smart thermostat? If not, make sure you pick the one that will work with your hub device. Nest doesn’t work with Apple’s HomeKit, for example. I will talk about my experience with Nest in a future installment. Also, you might also want to make sure that you can upgrade your older thermostat with something more intelligent, in terms of wiring and network access.
  2. Are you in the market for a new TV? If you are, consider what your main motivation is for buying one and which ecosystem (Apple, Google or Amazon) you want to join and use as your main entertainment provider. It used to be that buying a TV was a major purchase, but today’s flat screens are relatively inexpensive. Most new TVs come with wireless radios and built-in software to connect with Netflix, Amazon, and other streaming providers too.
  3. Are most of your cellphones Android or iOS? While many of the smart home products work with apps on both kinds of phones, that doesn’t necessarily mean that features are at parity between the two phone families. In some cases, vendors will prefer one over the other in terms of their app release schedule and that could be an issue depending on which side you are on. If you are serious about considering Apple HomeKit products, obviously you will need at least one Apple phone for managing its basic features. While Apple’s ecosystem supports the largest collection of smart home devices, overall, many of the smart home products will work on either Google Home or Amazon Alexa as well.
  4. Do you have sufficient wireless and wired infrastructure to support where you want to place all your devices? As I mentioned in my last installment, one of the major reasons for using a better wireless infrastructure like the Linksys Velop is because of its wider radio coverage area. Make sure you understand what your spouse is willing to tolerate in terms of wiring and AP placement too while you are assembling your new network requirements and scouting out potential AP locations around your home. As part of this decision, you might also need to upgrade your ISP bandwidth plan if you are going to be consuming more Internet services such as video and audio streaming.
  5. Do you have enough wired ports on your network switch? With all the devices that you plan on using, you probably are going to run out of wired ports. And while you might think that most smart home products are connected wirelessly, many require some kind of wired gateway device (the Philips Hue is an example here) that will consume a wired Ethernet port.

Those five questions should help get you started on your smart home journey. But before you purchase anything else, you might want to consider these security issues too.

  1. Do you understand the authentication requirements and limitations of each smart home app? One of the biggest limitations of the smart apps is how they set up their security and authentication. In many cases, the app can only use a single login ID and password. If you want multiple family members to use the app, you may have to share this information with them, which could be an issue. You might want to consider a document that lays out your family “rights management” — do you want your kids to be able to remotely control your thermostat or monitor your home security cameras? What about your spouse? This begs the next question:
  2. Who in the family is authorized to make changes to your smart infrastructure? By this I mean your network configuration and access to your computers, printers, and other IT gear. Again, in the past once this was set up it wasn’t often changed by anyone. But the smart home requires more subtle forms of access and this could be an issue, depending on the makeup of your family and who is the defacto family IT manager.
  3. You should plan for the situation when you (or another family member) loses their phone with all of your connected apps and authentication information. This is one of the major security weaknesses of the smart home: your apps hold the keys to the kingdom. Most of the apps automatically save your login info as a convenience, but that also means if you lose your phone, it can be a massive inconvenience. Some of these apps will only work when they are on your local network, but others can reach out across the Internet and do some damage if they fall into the wrong hands. Given how often your family members lose their phones (I know of one 20-something who loses her phone twice a year), this might be worthwhile. You might want to record the procedures for resetting your passwords on your various connected apps and other login information.
  4. What happens when one of your smart devices is compromised? The reports earlier this year about the compromised web server that comes with a Miele dishwasher are somewhat chilling, to say the least. How can you detect when a smart device is now part of a botnet or is running some malware? We will have some thoughts later in the series, but just wanted to raise the issue.

As you can see, making your home network smarter also means understanding the implications of your decisions and the interaction of products that now could create some serious family discussions, to say the least.

The remaining reviews in the series include:

The smart home series: Nest is building a smarter thermostat

If the Philips Hue smart light bulb is the first connected home product, probably the most desired home networking product is the smart thermostat. While Nest wasn’t the first in the field, it has become the market leader and was purchased by Google back in 2014. One of the reasons why I chose my test home in suburban St. Louis was because the homeowners already had one installed. I wanted to see how it would interact with the Google Home and Alexa Echo units and what other equipment it would integrate with.

Nest is like many smarthome products: there is the actual thermostat itself, an attractive low-slung cylinder that has a built-in 480×480 pixel touch screen and a rotating collar for its main menu controls. Then there is a smartphone app and a web service. The apps run on both Android and IoS devices. (iOS 8 or later, or Android 4.1 or later)

Nest can’t replace all analog thermostat installations, but there is this helpful page that will walk you through what you have now and how your existing thermostat is wired to figure it out. They also have an installation video and troubleshooting tips. My home owners are moderately handy and they had no issues getting it installed. In my informal poll of other Nest users, I didn’t hear any horror stories either.

Once you wire it up to your HVAC system, you have to download its app to your phone and get the software setup. That took about 15 minutes. You can control up to 20 different thermostats and in two different locations from one app and one account. Unlike other smart home products,

Nest allows this account to grant access to two users with two separate email addresses. You still may want to use a throwaway email address to share among your family, if they have authority to change your home temperature conditions. It connects to your home network via Wi-Fi and like other products, initial setup is via Bluetooth.

We set up the Nest with both Alexa and Google Home. Nest doesn’t directly work with Apple’s HomeKit although there is this workaround. We also set up Nest with the ADT Pulse alarm system app that was installed in our test home. More on these connected apps in a moment.

Nest calls its product a learning thermostat, and this is because it automatically figures out your usage patterns on a daily basis. For example, the new generation units will light up to greet you when you come home. You can wait a couple of weeks for it to learn your schedule, or set up a typical schedule like any programmable thermostat. But unlike an analog thermostat, it has a series of sensors, as you might imagine. Besides temperature, it also measures humidity, activity and ambient light. That means it can make smarter decisions about your occupancy and usage patterns. That is one of its chief selling points.

Nest has some built-in routines that help you save money on your heating and cooling bills, called Nest Sense. It has all sorts of automated routines here. One is called Eco Temperatures. Basically, you set up a temperature range that your home will operate at, and if no one is home that is the default mode of operation. Others are called Cool to Dry, Leaf, Airware, Home/Away Assist, and Time-to-temp.

The Nest phone app is cleanly organized and once you get done setting up these various routines, you probably won’t be spending much time with it. With my test homeowners, one said she is so ingrained in using the thermostat directly that when she walks by it in her hallway she thinks about changing the temperature then. The other said he used both the Nest app and the voice commands but still was getting used to using both of them. Part of the issue here is that unlike lighting that you change frequently during the day, you probably don’t think about your home temperature control very often.

Another selling point for Nest is that it has a large range of other products that integrate with it. That is what drove my test homeowners to buy it since it works with their ADT security system. One of my homeowners used the ADT/Nest control because she forgot her Nest app password. So it is nice to have all these different mechanisms to control it, to be sure.

Finally, Nest was easy to setup with both the Amazon Alexa and Google Home, taking less than five minutes to get each one configured. Using it was simple too, and both seemed to perform the same way in terms of controlling the thermostat. My male homeowner said he is starting to prefer the Amazon hub for home control, just because it has so many more connected apps. But he finds the Google hub provides him with more thorough answers to his questions.

Nest is now on their third generation product, which retails for $249. (I tested the second generation.) But don’t let that price scare you: your local electric or gas utility might have rebate offers. (In St. Louis, it was $125 from both companies combined). It comes in four colors.

The smart home series: Philips Hue lighting system review

In today’s installment, I look at the Philips Hue lighting system. This has four main components: a network-attached bridge or controller, the smart bulbs themselves, web-based software and the smartphone software that is used to turn your lights on and off. We tested the product in the same suburban home location outside of St. Louis where we tested our earlier products, connecting Hue to both the Alexa Echo Dot and the Google Home hubs.

Hue comes with three different kinds of bulbs: white-only, white ambiance and multi-color, which includes white. The White Ambiance allows you to do more than just dim up and down at the one color temperature and gives you access to 50,000 shades of white light. I tested the multi-color. Both come with built with radios that communicate via the ZigBee LightLink protocols back to the bridge.

To me, a lamp is a necessary evil and something that doesn’t require a great deal of thought. This is because I am someone with zero sense of interior design. I tell you this upfront, which is one of the reasons I was testing these products at a home where both residents have a lot more design-savvy and understanding of lighting placement and mood creation.

If you are a design philistine like me, then you probably won’t get much out of this product and should just stick with ordinary lamps. But if you do take the plunge, make sure you are buying what Philips calls “gen 3” bulbs (which is what I tested). These bulbs have deeper green, cyan and blue for even better mood setting. Philips claims the bulbs can deliver 16 million different colors, but since I am colorblind I couldn’t verify this claim. Nevertheless, you have a wide color palette that you can play with on your smartphone and have a lot of fun finding that exact color to match your mood, your decor, what your spouse is wearing, or whatnot. All the bulbs are LEDs, so are very energy-efficient. They all fit into a standard base and (unlike the early CF bulbs) are small enough to fit in most ordinary lamp housings.

Why bother with smart bulbs? Several reasons. First, you can remotely turn them on and off, both instantly and on a specified schedule, to make your home more comfortable and secure. Second, you can set various moods by having them dim or brighten appropriately. And finally, you have bragging rights when you have your friends over for dinner or parties. By now many of you have already bought your own smart hub: this gives you the first practical application that can readily demonstrate its utility.

When I first got the Hue kit I thought it was mostly “nice to have” but not an essential use case. The more I and my test couple used them, the more we liked them and the more we came to rely on the ability to control them at will and to set different moods. I think this bears emphasis: Hue is creating something new and really giving you a new dimension on how you live and consume lighting in your home.

You don’t need a smart hub to operate your Hue lights, because you can control them via the smartphone app  (shown here) or you can also purchase a variety of hardware controllers that can fit inside a standard light switch receptacle or sit on your coffee table if you want a physical object. That is all well and good, but really that gear is just a glorified “Clapper” device that is about as exciting. But using the Alexa or Google Home hubs means you have voice commands for your lights. This means you don’t have to look for your phone and can just turn your lights on or off quickly as you enter a room.

Getting setup from scratch took about 15 minutes on either hub, using a very similar process. The biggest issue I faced was switching my lighting system from the Amazon to the Google hub, which a normal user wouldn’t necessarily do. If you are going to change hub vendors, you should do a factory reset to make things easier. The controller/bridge connects to your home network via Wi-Fi, and it also works with Apple Home Kit hubs too.

The most important part of the hub-related setup is naming your various rooms where the bulbs will be located. The workflow for doing this is different in Amazon Alexa versus the Google Home. With Alexa, it picks up this information from the Hue app. In Google, you have to create your room names on its app.

For the most part, the Hue bulbs worked fine with either Alexa or Google Home. But sometimes Alexa would make a mistake, thinking a particular bulb was on when it was off, or vice-versa. And sometimes Alexa would turn on a bulb in the wrong room. We couldn’t reproduce these errors. It isn’t clear who is at fault here: because sometimes the app shows a bulb is on when it is off. For the majority of time though, things work as intended.

If you are just going to control your lights locally — meaning while you are in your home — then you don’t have to worry about the web server piece of the product. This is needed for two purposes: first for controlling your lights when you are away from home, and second to integrate with any Nest products and other home automation web services. For either purpose you will need to create an account on meethue.com and then use that login on your smartphone app. As with other smart home products, only one account (meaning one email address) per home is allowed. If you want multiple family members to have lighting controls, you might want to create a special email address that everyone can access. Philips is looking into having multiple accounts with different access rights at some point in the future.

Once you get going with the standard bulbs, Philips makes a bunch of different other bulb sizes that can you expand your horizons and play interior decorator. I didn’t test any of these. You can purchase a rechargeable portable light source called Go and lights that come with a variety of their own decorative bases. Given that Philips has been making electric lights for more than a century, this is not unexpected that there will be others joining its Hue product line in the near future.

Hue comes in various product configurations, the basic white-only starter kit with two bulbs and the controller is $70. It is available online and in a variety of electronics and lighting stores too.

 

Network World: Linksys Velop boosts home network throughput

I take a look at the Linksys Velop Wi-Fi access points. This is the third in my series of reviews for Network World on smart home devices. If you are going to invest in smart home tech, you want a solidly performing wireless network throughout your house. While I had some minor issues, the Velop delivered solid performance and I recommend its use, particularly if you have existing radio dead spots in your home or have to use multiple networks to cover your entire property. You can read the review here.