Screw-up: Vivint Cloud Video

By: John Honovich, Published on Feb 11, 2013

Who can see your cloud stored video? For at least one Vivint customer, the answer is complete strangers. An ongoing concerns of cloud-based surveillance is privacy and security protections in place to prevent unauthorized viewing. In this note, we take a look at one example where 'remote video' went wrong, the questions it raised, and what alternatives avoid the problem.

Vivint's Mistake

The report below details the surprise a 'Vivint Video' customer experienced when he logged into his VSaaS account and reviewed video clips. Several of clips available for him to view were segments recorded by cameras from other user's accounts. See the video embedded below for more details:

This screen cap shows an example of the 'bug', consisting of another Vivint Video customer oblivious to the fact that others can see what his camera is recording:

In terms of mistakes, this gaffe ranks among the worst possible missteps a VSaaS provider can make. While the root cause of the problem appears to be technical and not malicious, the fact the event occurred at all indicates significant shortcomings in how Vivint's 'cloud' handles the video.

Widespread Problem?

In the clip, Vivint claims "this is the first time an event like this has been reported" and is investigating the issue in detail. Regardless of how widespread this particular issue proves, the customer detailed in the clip has been unnerved by the discovery, and lost confidence in Vivint's offering.

Adding insult to injury, the customer explains that he has repositioned his camera to disable their views, since Vivint "has locked him into a [service] contract" and he must "still pay for a security service he cannot trust". While unsatisfactory to most, this response is inline with both Vivint's sordid customer service reputation and the alarms industry in general that frequently requires multi-year monitoring contracts with punitive early termination penalties.

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

VSaaS Risk

While 'hosted' service vendors downplay this situation from being possible with claims of 'bank-grade encryption' and 'accessible only by your password', it remains an inherent risk to most cloud-based platforms. As the situation above reveals, even password protected accounts and equipment can malfunction and allow 'your' video to be seen by others.

Aside from public-facing access, support engineers and administrators usually always have (and periodically may even require) visibility of recorded video and customer data. In terms of account support, troubleshooting, and maintenance having 'master access' means that no video data is 100% exempt from being viewed by others. Even when only a 'potential' issue, the risk of unauthorized viewing can be a deal breaker for VSaaS - often excluding it from high-security/surveillance applications.

Alternatives

Many customers choose to avoid the risk of situations like the above by simply avoiding VSaaS products. Others withhold serious consideration of the platforms until privacy and security of remote video can be absolutely assured - something that is not be possible. Until the time, we expect appliance based NVRs, VMS enabled NAS appliances, and small VMS servers to remain the preferred option for many end users. "Remote Accessibility" of video is becoming increasingly less difficult even with the full physical retention of all recorded video onsite.

Comments (15) : PRO Members only. Login. or Join.

Related Reports on VSaaS

Arcules CEO Threatens Over "Security Breach" on Nov 25, 2019
An Arcules employee called out a recent 'security breach', however, Arcules CEO disputed this as 'inaccurate' and threatened to sue IPVM. Inside...
Rhombus Cameras, VMS and Analytics Tested on Nov 06, 2019
Rhombus boasts they have created "the new standard in Enterprise, cloud-managed video security" and told IPVM in January 2019 they offer twice the...
100+ Companies Profile Directory on Nov 06, 2019
While IPVM covers the largest companies in the industry regularly (like Axis, Dahua, Hikvision, etc.), IPVM strives to do a profile post on each...
Alarm.com Acquires OpenEye on Oct 21, 2019
Alarm.com is targeting commercial expansion and now they have a commercial cloud VMS with the acquisition of OpenEye. In this note, based on...
Milestone Has Problems on Oct 01, 2019
Milestone has problems. While the company previously excelled in the shift to IP cameras, as IP has matured and competitive differentiation has...
China Enforces Barriers Against Foreign AI and VSaaS Providers on Sep 30, 2019
While AI and VSaaS is the future of video surveillance, these are obstructed to foreign firms in China (the PRC), where authorities are tightening...
Directory of 70 Video Surveillance Startups on Sep 18, 2019
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known. 2019...
Genetec Stratocast VSaaS Tested on Sep 05, 2019
The VSaaS market is rapidly expanding in 2019, with Verkada, Meraki, Eagle Eye, Avigilon and numerous startups growing their market share. When we...
Warning: Windows 7 Update Crashing NVRs on Aug 26, 2019
Windows 7 updates are causing VMS servers to fail to boot. After running the update, impacted systems do not boot as normal, instead display this...
Avigilon Blue VSaaS Tested on Aug 05, 2019
Avigilon says Blue is a "powerful integrator cloud service platform", easy to set up and configure, quickly scale business, by leveraging cloud...

Most Recent Industry Reports

ADT CEO Not Worried About DIY: "2 Discrete Markets" on Dec 13, 2019
ADT's CEO is not worried about DIY, characterizing DIY and ADT's DIFY as "2 discrete markets" at the Imperial Capital Security Investor's...
Hikvision CEO Alleged Illegal Activities Investigated on Dec 13, 2019
Hikvision's CEO Hu Yangzhong is under investigation for suspected illegal activities, according to the PRC's securities regulator. This has become...
Video Surveillance 101 Course Opened on Dec 12, 2019
IPVM is adding a Video Surveillance 101 course, designed to help those new to the industry to quickly understand the most important terms,...
Verkada Notification Outage on Dec 12, 2019
Verkada is suffering an event notification outage and analytic search failures. Inside, we examine what the issues are, what Verkada told IPVM...
Hikvision DS 2nd Gen Intercom Tested on Dec 12, 2019
With its newest IP intercom, Hikvision proclaims users can 'get full control over an entrance' regardless of where it is installed, home or office...
Honeywell 30 Series Cameras Tested Vs Dahua and Hikvision on Dec 11, 2019
Honeywell has infamously OEMed Dahua and Hikvision for years, but now they have introduced an NDAA-compliant line, the 30 Series, claiming "lower...
"Good Market, Bad Business Models" - Residential Security on Dec 11, 2019
Industry banker John Mack, at his company's annual event, took aim squarely at the problems in the residential security...
IP Camera Browser Support: Who's Broken / Who Works on Dec 10, 2019
For many years, IP cameras depended on ActiveX control, whose security flaws have been known for more than a decade. The good news is that this is...
Acquisitions - Winners and Losers on Dec 10, 2019
Most major manufacturers have been acquired over the last decade. But which have been good deals or not? In this report, we analyze the...
IP Camera Installability Shootout 2019 - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, Uniview, Vivotek on Dec 09, 2019
What are the best and worst cameras to install? Which manufacturers make it the hardest or easiest to install their cameras? We tested 35 total...