Insta 3 shity one x2

The google play rating and feedback about the app, is quite telling. Other than that:

• The app .apk is huge (+~- 500 mb) for what it appears to do. Over bloated for it's real practical use. The mobile app is very minimal for video use.
• 70% of the app is mostly videos and or shortcuts to videos that can be found on youtube to promote how amazing the camera is and the miracles you can do
• 15% of the app is forum and user help
• 10% gather info and spy on you
• 5% is user features

Overall, in comparison with the hardware, the mobile app is, in all honesty... garbage .

• Windows, MAC and android Linux
• Linux desktop is NOT supported. (the manufacturer does not like Linux platforms)
• Unix NOT supported

In addition top spelling (which is expected) voice control is sensitive to accent and tone. The camera needs you to speak the way the camera wants. Does not learn from you. You cannot program it to your voice. If your tone changes (cold, sinus, health, etc), you will be talking to a brick.

It will be very interesting if you talk to it while drunk.

Bluetooth and Wifi cannot be turned off to save battery consumption. They are always on which also broadcasts their signal to remote attackers that will will exploit the known vulnerabilities stated bellow as well as new ones. Wireless technology does have and will keep have vulnerabilities.

Although this may depend on your mobile device operating system and or hardware, Bluetooth connection from the mobile device to the camera, is hard, troublesome, fails most of the time, and keeps asking for a pin to establish connection. However, such functional pin is nowhere to be found in any way shape or form anywhere

Online help in regards to bluetooth connection is little to ineffective in solving the problem. This includes official manufacturer information.

Devices used:

• Pixel 5 + gogole android 12
• Iphone with OS 12
• Samsung galaxy 5 + LineageOS 18

While privacy of what content you willingly and knowingly publish out there, is under your control, this camera, does somethings behind the curtains, that you don't know or perhaps do not care and this camera is by it's default operation a privacy destroyer.

Forced activation

In order to be able to use the camera you need to be connected online to register it for the first time. If you do not go online, you cannot use it.

Imagine that in order to use your skates on your feet, they need to be activated by the manufacturer that needs to know where you are using them

When you activate the camera, the other side gets information about you that includes, but not limited to your location, ip address, device used and more.

Forced dual wireless connection

In order to be able to to access the camera with your mobile device, you have to have data access to the internet as well as your wifi active. The wifi connection will connect to the camera and the app will use the your internet data connection provider to register the camera and send your information to someone on the other side.

You cannot use just one connection. It forces you to use both on the mobile app

GPS location

In order to use the mobile app, the user is forced to activate the mobile device gps and allow the app to access it. This is done under the excuse that it needs it to find the remote device. Many mobile apps do this.

Imagine that to connect your computer to your home wifi, you will have to provide your gps location to the manufacturer of your computer or home router.

VPN

VPN The mobile app vpn feature conflicts with your other vpn setup on or mobile device. The app itself provides a proxy feature that is a vpn.

Forced VPN shutdown

If you have a vpn setup on your phone, (work, personal, professional and or security reasons), you will have to shut it down in order to be able to use the mobile app to access the camera by wifi.

If your mobile vpn setup is set to prevent all mobile apps to leak information to the internet and block apps without vpn access for higher security or due to vpn remote security settings, you will have to shut all this down which effectively will allow all apps to work normal and leak information to any internet service they want.

In order words, you cannot use your mobile vpn if you want to access the camera by wifi. You have to turn you vpn off and let all apps go free access anywhere.

This camera has a hardcoded admin/root login password and is always by default: 88888888 for all cameras. Given to be hardcoded, it is not possible for the end user to change it.

Anyone finding your camera wifi signal (ssid) can easily connect to your camera using that wifi password and visiting the URL bellow with their browsers and see all your camera content.

http://192.168.42.1:80/DCIM/Camera01

It would be trivial for a hacker to do a drive-by attack on these camera, injecting malware into the SDcard which would later be read by your work/home computer... in fact, I'm pretty sure this could be wormable, using one camera to attack another in a cascading effect.

Telnet access

The camera has a non-encrypted telnet server (which even Windows and macOS have removed) that lets one log in as the root user.

Vulnerabilities discussion

Starting at minute 14:40

• If you do not need to make 360 videos. Using the smartphone on a selfie stick.is a far better and less troublesome option.
• If you need to make 360 videos, find something else or bite the bullet in regards to all these downsides.

• Insta360 one x2 default wifi password and telnet root access

Ambarella chip

• ONE X2 is based on an Ambarella chip
• ONE X2 is based on an Ambarella chipt The ambarella hack development kit
• Liemoth (formerly AHDK) is a free and open source software add-on for Ambarella based devices