Insta 3 shity one x2
If you are planing to purchase one of these cameras for $600 CAD plus tax for your inline skating activities, you may be interested in making a well informed consumer decision.. before you buy it and cannot return it.
Insta360 one x2 cameras have been making quite the buzz around the inline skating community, but what not one talks or looks into it is their downsides found(at the time of this writing).
App
The google play rating and feedback about the app, is quite telling. Other than that:
- The app .apk is huge for what it appears to do. Over bloated for it's real practical use. The mobile app is very minimal for video use.
- 70% of the app is mostly videos and or shortcuts to videos that can be found on youtube to promote how amazing the camera is and the miracles you can do
- 15% of the app is forum and user help
- 10% gather info and spy on you
- 5% is user features
Overall, in comparison with the hardware, the mobile app is, in all honesty... garbage .
Supported platforms
- Windows, MAC and android Linux
- Linux desktop is NOT supported. (the manufacturer does not like Linux most linux platforms)
- Unix NOT supported
Voice control
Voice control is sensitive to accent and tone. The camera needs you to speak the way the camera wants. Does not learn from you. You cannot program it to your voice. If your tone changes (cold, sinus, health, etc), you will be talking to a brick.
Bluetooth and Wifi
Bluetooth and Wifi cannot be turned off to save battery consumption. They are always on which also broadcasts their signal to remote attackers that will will exploit the known vulnerabilities stated bellow as well as new ones. Wireless technology does have and will keep have vulnerabilities.
Privacy
While privacy of what content you willingly and knowingly publish out there, is under your control, this camera, does somethings behind the curtains, that you don't know or perhaps do not care and this camera is by it's default operation a privacy destroyer.
Forced activation
In order to be able to use the camera you need to be connected online to register it for the first time. If you do not go online, you cannot use it. Imagine that in order to use your skates on your feet, they need to be activated by the manufacturer
When you activate the camera, the other side gets information about you that includes, but not limited to your location, ip address, device used and more.
Forced dual wireless connection
In order to be able to to access the camera with your mobile device, you have to have data access to the internet as well as your wifi active. The wifi connection will connect to the camera and the app will use the your internet data connection provider to register the camera and send your information to someone on the other side.
You cannot use just one connection. It forces you to use both on the mobile app
GPS location
In order to use the mobile app, the user is forced to activate the mobile device gps and allow the app to access it. This is done under the excuse that it needs it to find the remote device. Many mobile apps do this.
Imagine that to connect your computer to your home wifi, you will have to provide your gps location to the manufacturer of your computer or home router.
VPN
VPN The mobile app vpn feature conflicts with your other vpn setup on or mobile device. The app itself provides a proxy feature that is a vpn.
Forced VPN shutdown
If you have a vpn setup on your phone, (work, personal, professional and or security reasons), you will have to shut it down in order to be able to use the mobile app to access the camera by wifi.
If your mobile vpn setup is set to prevent all mobile apps to leak information to the internet and block apps without vpn access for higher security or due to vpn remote security settings, you will have to shut all this down which effectively will allow all apps to work normal and leak information to any internet service they want.
In order words, you cannot use your mobile vpn if you want to access the camera by wifi. You have to turn you vpn off and let all apps go free access anywhere.
Vulnerabilities
This camera has a hardcoded admin/root login password and is always by default: 88888888 for all cameras. Given to be hardcoded, it is not possible for the end user to change it.
Anyone finding your camera wifi signal (ssid) can easily connect to your camera using that wifi password and visiting the URL bellow with their browsers and see all your camera content.
http://192.168.42.1:80/DCIM/Camera01
It would be trivial for a hacker to do a drive-by attack on these camera, injecting malware into the SDcard which would later be read by your work/home computer... in fact, I'm pretty sure this could be wormable, using one camera to attack another in a cascading effect.
Telnet access
The camera has a non-encrypted telnet server (which even Windows and macOS have removed) that lets one log in as the root user.
Vulnerabilities discussion
Starting at minute 14:40