The Arlo system of the manufacturer Netgear, in different versions and with various components was already considered by us in earlier quick checks. We take the video intercom comparison test as an opportunity to briefly test the Arlo Doorbell in combination with the corresponding Chime and the Arlo Ultra cameras. In the past test iterations, the system has always performed well. The following report will clarify whether this is also the case for the current version.

Application

The mobile applications (Android v2.7.11_25630; iOS v2.8) leave a solid, if not perfect impression. The large number of third-party modules such as Facebook, Baidu, Appsee and Airbnb, which are integrated into the app and largely fall into the category of advertising and tracking, is particularly striking. The static analysis also identified some potential weak points in these modules, which are thereby introduced into the application.

Apart from that, there is no real reason for criticism: the security-relevant areas of the application, especially for encrypted communication and password security, have been adequately implemented and there are no other obvious weak points to be found.

Local Communication and Online Communication

In this area, too, there are no obvious weaknesses to mention that would have been noticed in our short test. Once the system has been set up, no unencrypted connections of any kind can be observed. All encrypted communication, such as the login process and the transmission of video and audio data, is also adequately protected against the most common man-in-the-middle attacks, so that there is no reason for criticism here either.

Only the security scan of the device provided evidence for a vulnerability of the basis for a so-called DNS Server Cache Snooping Remote Information Disclosure, which could possibly enable an attacker in the local network to resolve the domains resolved by the device. In the present scenario, however, we do not see this as a critical vulnerability that would in any way justify a negative rating.

Privacy Policy

The Arlo System Privacy Policy was last amended in July 2018 and is written in an easy-to-understand manner. Data processing by Netgear is explained in detail in several languages. Both the processing and storage of data takes place worldwide. The analysis of the recorded videos (e.g. for motion detection) also takes place on Netgear servers worldwide. In contrast to the information on the purpose of data processing, the information on the storage duration of collected data is formulated rather imprecisely. Storage on the user’s continent, as is common practice with other manufacturers, would also be desirable.

Verdict

The Arlo solution consisting of Doorbell, Chime and Ultra cameras convinced in the quick check by an absolutely solid basic security. No critical weak points could be detected or suspected in the relevant security areas. However, the Arlo solution is not perfect either: there are a few points in the areas of application and data protection that cloud the overall impression. Nevertheless, these alone do not justify a devaluation, so that we can rate the Arlo system accordingly with the full 3.