Insta 3 shity one x2: Difference between revisions

From Rollerbladers Wiki
Jump to navigation Jump to search
(No difference)

Revision as of 00:23, 20 May 2022

Insta360 one x2 cameras have been making quite the buzz around the inline skating community, but what not one looks into it is their downsides (at the time of this writing).

If you are planing to purchase one of these cameras for your inline skating activities, you may be interested in making a well informed consumer decision.. before you buy it and cannot return it.

App

The google play rating and feedback about the app, is quite telling. Other than that:

  • The app .apk is huge for what it appears to do. Over bloated for it's real practical use. The mobile app is very minimal for video use.
  • 70% of the app is mostly videos and or shortcuts to videos that can be found on youtube to promote how amazing the camera is and the miracles you can do
  • 15% of the app is forum and user help
  • 10% gather info and spy on you
  • 5% is user features

Privacy

While privacy of what content you willingly and knowingly publish out there, is under your control, this camera, does somethings behind the curtains, that you don't know or perhaps do not care and this camera is by it's default operation a privacy destroyer.

Forced activation

In order to be able to use the camera you need to be connected online to register it for the first time. If you do not go online, you cannot use it.
Imagine that in order to use your skates on your feet, they need to be activated by the manufacturer

When you activate the camera, the other side gets information about you that includes, but not limited to your location, ip address, device used and more.

Forced dual wireless connection

In order to be able to to access the camera with your mobile device, you have to have data access to the internet as well as your wifi active. The wifi connection will connect to the camera and the app will use the your internet data connection provider to register the camera and send your information to someone on the other side.

You cannot use just one connection. It forces you to use both on the mobile app

GPS location

In order to use the mobile app, the user is forced to activate the mobile device gps and allow the app to access it. This is done under the excuse that it needs it to find the remote device. Many mobile apps do this.

Imagine that to connect your computer to your home wifi, you will have to provide your gps location to the manufacturer of your computer or home router.

VPN

VPN The mobile app vpn feature conflicts with your other vpn setup on or mobile device. The app itself provides a proxy feature that is a vpn.

Forced VPN shutdown

If you have a vpn setup on your phone, (work, personal, professional and or security reasons), you will have to shut it down in order to be able to use the mobile app to access the camera by wifi.

If your mobile vpn setup is set to prevent all mobile apps to leak information to the internet and block apps without vpn access for higher security or due to vpn remote security settings, you will have to shut all this down which effectively will allow all apps to work normal and leak information to any internet service they want.

In order words, you cannot use your mobile vpn if you want to access the camera by wifi. You have to turn you vpn off and let all apps go free access anywhere.


Vulnerabilities

This camera has a hardcoded admin/root login password and is always by default: 88888888 for all cameras. Given to be hardcoded, it is not possible for the end user to change it.

Anyone finding your camera wifi signal (ssid) can easily connect to your camera using that wifi password and visiting the URL bellow with their browsers and see all your camera content.

http://192.168.42.1:80/DCIM/Camera01

It would be trivial for a hacker to do a drive-by attack on these camera, injecting malware into the SDcard which would later be read by your work/home computer... in fact, I'm pretty sure this could be wormable, using one camera to attack another in a cascading effect.

Vulnerabilities discussion

Starting at minute 14:40

Links

Ambarella chip