Screw-up: Vivint Cloud Video

Author: John Honovich, Published on Feb 11, 2013

Who can see your cloud stored video? For at least one Vivint customer, the answer is complete strangers. An ongoing concerns of cloud-based surveillance is privacy and security protections in place to prevent unauthorized viewing. In this note, we take a look at one example where 'remote video' went wrong, the questions it raised, and what alternatives avoid the problem.

Vivint's Mistake

The report below details the surprise a 'Vivint Video' customer experienced when he logged into his VSaaS account and reviewed video clips. Several of clips available for him to view were segments recorded by cameras from other user's accounts. See the video embedded below for more details:

This screen cap shows an example of the 'bug', consisting of another Vivint Video customer oblivious to the fact that others can see what his camera is recording:

In terms of mistakes, this gaffe ranks among the worst possible missteps a VSaaS provider can make. While the root cause of the problem appears to be technical and not malicious, the fact the event occurred at all indicates significant shortcomings in how Vivint's 'cloud' handles the video.

Widespread Problem?

In the clip, Vivint claims "this is the first time an event like this has been reported" and is investigating the issue in detail. Regardless of how widespread this particular issue proves, the customer detailed in the clip has been unnerved by the discovery, and lost confidence in Vivint's offering.

Adding insult to injury, the customer explains that he has repositioned his camera to disable their views, since Vivint "has locked him into a [service] contract" and he must "still pay for a security service he cannot trust". While unsatisfactory to most, this response is inline with both Vivint's sordid customer service reputation and the alarms industry in general that frequently requires multi-year monitoring contracts with punitive early termination penalties.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

VSaaS Risk

While 'hosted' service vendors downplay this situation from being possible with claims of 'bank-grade encryption' and 'accessible only by your password', it remains an inherent risk to most cloud-based platforms. As the situation above reveals, even password protected accounts and equipment can malfunction and allow 'your' video to be seen by others.

Aside from public-facing access, support engineers and administrators usually always have (and periodically may even require) visibility of recorded video and customer data. In terms of account support, troubleshooting, and maintenance having 'master access' means that no video data is 100% exempt from being viewed by others. Even when only a 'potential' issue, the risk of unauthorized viewing can be a deal breaker for VSaaS - often excluding it from high-security/surveillance applications.

Alternatives

Many customers choose to avoid the risk of situations like the above by simply avoiding VSaaS products. Others withhold serious consideration of the platforms until privacy and security of remote video can be absolutely assured - something that is not be possible. Until the time, we expect appliance based NVRs, VMS enabled NAS appliances, and small VMS servers to remain the preferred option for many end users. "Remote Accessibility" of video is becoming increasingly less difficult even with the full physical retention of all recorded video onsite.

Comments (16): PRO Members only. Login. or Join.

Related Reports on VSaaS

Ex-ADT Exec Joins Eagle Eye As President on Nov 04, 2016
VSaaS has been a tough market, while Axis struggles with their business, Eagle Eye is filling out their executive team. Eagle Eye has hired an...
'Legal Protection' From Eagle Eye Contract Vault Examined on Nov 02, 2016
"I was promised the high-end model for the entry level price." "Nobody said there would be a monthly service fee when I signed...
VSaaS Startup Raises $5 Million For Global Expansion on Oct 04, 2016
There is money to be made in VSaaS. At least that is what the investors of Morphean believe. The Swiss company received a $5M investment to expand...
Axis Hosted Video Decade of Failure on Aug 29, 2016
Do you want to 'head up' Axis hosted video offerings? Axis almost never publicly promotes senior positions, but for such an unattractive job they...
H.265 Licensing Fees Examined / CEO Interview on Jul 14, 2016
Axis has repeatedly warned about H.265 licensing, most recently: [The H.265 license model] includes a royalty on revenues generated on the...
VSaaS Usage Statistics 2016 - Still A Long Way From "The Next Big Thing" on Mar 14, 2016
VSaaS ranked #2 in the Next Big Thing 2020, but new integrator survey results show current usage is far from its promise. 150 integrators...
Taser Aims To Be Emerging VSaaS Powerhouse on Mar 01, 2016
Taser, the company, is best known for its stun-gun product (or "CEW - Conducted Electrical Weapon") which is commonly referred to as a...
Most Americans Not OK With Home Security Video Recorded In the Cloud on Jan 21, 2016
A majority of Americans are not OK with their home security video being recorded in the cloud, according to new IPVM survey results. Inside this...
Top 5 Video Surveillance Product Advances Going Into 2016 on Dec 31, 2015
Here are the 5 product areas that have had the most meaningful product advanced in 2015, that you should be looking at incorporating in...
Angelcam Cloud Video Tested on Oct 13, 2015
With the cloud getting more and more hype plus with early market leader Dropcam stumbling after being acquired by Google / Nest, there is increased...

Most Recent Industry Reports

Everbridge Mass Notification Service Examined on Mar 24, 2017
Everbridge is expanding in the security space. In January 2017 Everbridge acquired PSIM platform IDV, and have also begun integrating with other...
Hikvision Removing Auto 'Phone Home' on Mar 24, 2017
Facing pressure over their cameras auto phoning home and their Chinese government ownership, Hikvision has begun quietly removing automatic...
Axis Camera Vulnerabilities From Google Researcher Analyzed on Mar 23, 2017
A Google security researcher has reported 6 vulnerabilities for Axis cameras, affecting multiple models and firmware versions. In this report, we...
OpenEye Takes Aim At Exacq on Mar 23, 2017
First Milestone targeted Exacq with a takeover offer, and now OpenEye is gunning for them with an offer to swap out Exacq for their cloud-managed...
Lock Keyways For Access Control Guide on Mar 23, 2017
Lock keyways can be the difference between a lock working or not. Understanding keyways is important for access control. Indeed, a member recently...
Broken Browser Support for Video Surveillance on Mar 22, 2017
Modern web browsers have left the security industry behind. Current Chrome, Firefox, and Microsoft Edge browsers do not support NPAPI plugins,...
ADI Favorability Results on Mar 22, 2017
150 North American integrators provided feedback on 6 distributors, and why they do (or do not do) business with ADI. ADI is clearly a big name in...
1 Million Dahua Devices Exposed To Backdoor on Mar 22, 2017
Statistics show that 1 million Dahua devices are publicly exposed and vulnerable to the Dahua backdoor. Despite this, Dahua has downplayed the...
Hikvision Hires Crisis Communication Writer on Mar 21, 2017
Hikvision has hired a crisis communication writer as the company ramps up its efforts to deal with the 'crisis' it feels it is facing. 'Crisis...
Glass Break Sensor Tutorial on Mar 21, 2017
Burglars often break glass windows to get into a house. Using glass break detectors in conjunction with alarm contacts is a good way to protect the...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact