In addition to the new DJI MIC 2 working with the native iPhone camera app, it can also be used directly with an Insta360 X3 360 camera. With the previous DJI MIC or something like the RODE microphone system, you needed to use the microphone receiver and an Insta360 microphone adapter and have it all connected to the camera with a cable.
The DJI MIC 2 adds Bluetooth and you can pair it directly with the X3 just by pairing it as if it were AirPods. (I suppose Insta360 needs to update the firmware to just say “Bluetooth” if it supports devices other than Apple.)
This means a $99 DJI MIC 2 transmitter is all you need for remote audio for an X3 (or iPhone, with an extra step to switch the phone over to using it). There is no need for the receiver and cables unless you are wanting to use more than one microphone at a time (as far as I know, you can only pair one Bluetooth microphone at a time with the phone or X3).
Unfortunately, the DJI firmware disables local backup recording when using Bluetooth, and also disables the new noise elimination feature. This means if anything screws up with the Bluetooth connection, you are out of luck. Pity. Backup recording is one of the features that makes the DJI MIC so useful. Maybe this is a firmware thing they can change in the future.
When you export 360 video to a format that can be uploaded to YouTube, Facebook, or other online service that supports 360 video, you get a wide, warped video file that looks like this:
For the Insta360 ONE X2 and X3 cameras, the front facing camera (the one opposite of the preview screen) will be the focal point of the video. In this case, it’s the entrance of the Whalebone Grill in the Awa (water) realm of the new-for-2022 Lost Island Themepark in Waterloo, Iowa. (This new park is pretty amazing with its backstory and unique themes.)
But, what if you wanted the 360 view to default to a different view when first played? Unfortunately, the Insta360 mobile app and desktop apps do not provide a way to do this (currently; folks have been asking about it for years, so maybe one day…). Often, the advice is to put the video in a video editor like Premier or Final Cut Pro and change it there.
Some quick web searching led me to this REDDIT post with a comment from user glitch007 explaining a way to use the free ffmpeg utility to reprocess 360 video and set the initial view:
ffmpeg has command line options to specify the X/Y adjustments (yaw and pitch) for the 360 video export. You can import the original MP4 file and export it out as a new MP4 with the view changed. If, for example, I wanted my Whalebone Grill video to start with folks facing the seating area, I could change that and it would look like this:
In this example, “yaw=90” tells it to change the X view by 90 degrees. You could pass in 180 to make the video face the opposite direction. The “pitch” controls the looking up and down, and “roll” controls tilt (I believe; I haven’t actually tested it).
e … Equirectangular projection (the type of 360 format the video is in).
yaw / pitch / roll … Set rotation for the output video. Values in degrees.
glitch007 shared a timesaver where you specify a start and end section of the video and can quickly process just a snippet so you can see the results before doing the entire video. Using “-ss” sets the starting section, and adding “-to” lets you specify the ending second:
If you run that, you’d get a 5 second clips covering seconds 3 to 8 of the video, and could look at that and see how the view is. This allows quickly making changes to yaw/pitch/roll to get what you want.
I used the ffmpeg command line utility to do this, but there may be Windows/Mac programs that put a graphical user interface on it, making it easier for folks to use. If you know of a good one, please leave a link in the comments.
The Insta360 app has an option to change the password on the X3 camera. This may also work on other cameras, but I have not tested it. I have done a password change, but have not verified this actually did anything.
This option will cause the camera to display an authorization prompt, and once confirmed, you can type in a new WiFi password which the device will use.
I encourage ALL Insta360 camera owners to do this, as the default password is well documented and it allows anyone within WiFi range to access and download any photos/videos on the camera.
I did not expect to need to make any changes to my Insta360 ONE X2 filename article, but it looks like things have changed in the new X3 model. The files are no longer compatible (reading a ONE X2 memory car in an X3 will report corrupt files), and some of the names have been changed.
A quick one is the LRV (Low Resolution Video) files. On the ONE X2, they would be named like this:
You could open that in any video player, since it was an MP4 file.
But on the X3, the LRV files are named like this:
With the Insta360 Studio plugin installed, my Mac recognizes them as an INSV file but cannot preview them. Just like with normal .insv files, you can add .mp4 to the end and then at least open/view them.
Initially, the camera shipped with pre-1.0.00 beta software. It would prompt to upgrade to 1.0.00 on activation from the app.
2022-9-9 – v1.0.00
TBA – various crashes, settings being changed, etc.
2022-09-19 – v1.0.04
Open WiFi – a poorly implemented WiFi system has the camera broadcast itself as a WiFi hotspot to anyone within range, and allows users that know the default WiFi password all X3 cameras have to access and download any files on the memory card from a web browser… or worse. (Suggested by commenter, yt)
Raw notes… will be cleaned up and made purty with more details, soon.
X3: up to 30 seconds between taking photos via app, and more timing notes.
Some notes on timing, for those who want to compare against your existing camera. This is with the current firmware that the camera will install when you activate it (v1.0.00). Recommended Sandisk Extreme 32GB card.
App (on iPhone 13 Pro):
360 Photo, 72MP, 2:1 – there is nearly 4-5 second delay between the time you press the on screen button and the time the X3 clicks. It takes a total of about 15 seconds before the UI updates and you can take the next photo.
360 Photo, 18MP, 2:1 – 4-5 delay, and a total of about 9 seconds.
360 HDR Photo – 3-4, then about 13 seconds total.
150 Photo, 36MP, 16:9 – 3-4, about 11 seconds total.
150 Photo, 9MP, 16:9 – 3-4, about 8 seconds total.
I did have one instance where it took almost 30 seconds to be ready for the next shot.
Using the button on the camera is almost instant (within a second) and ready for the next photo in about 6-7 seconds total.
In 360 Photo mode, 72MP, pressing the button on the camera makes the click sound between 2-3 seconds later, and it takes a total of 14 seconds before the screen comes back on for the next photo.
In 360 Photo mode, 18MBP, it takes about a second to take the picture, and a total of about 5-6 before you can take the next shot.
In 360 HDR Photo mode, 18MP, it takes about a second to take the picture, and a total of 9-10 seconds before you can take the next shot.
Some of this feels like the timer is on, which isn’t being shown in the app or on the camera. earlier, I used the Quick button and had selected that mode. It seems it may be remembering settings that have since been turned off.
Earlier this week, Insta360 introduced a new camera – the X3. The X3 is the latest 360 action camera, and builds upon the feature set of the ONE X2 which came before it (and the ONE X before it, and so on).
One of the features that was brought over from the ONE X2 is the unprotected WiFi hotspot that is active any time the camera is powered up. This allows anyone within WiFi range the ability to connect to the camera and browse (or download) any photos or videos that are stored on it:
In addition to this, telnet is still enabled, with the root account having no password. Just telnet to that IP address and log in as root to have full access to the camera’s file system:
It is disappointing to see this unsecure access method continued in the next generation of their camera, but the company has posted that they are aware of this and are working on it.
Of course, the majority of users simply will not care. “It’s very unlikely to happen to me,” they say. “And if it does, so what, they get my photos.”
In other words, this is just like any other security issue out there. Some folks treat them seriously and take steps to avoid the problems, and others just don’t care. If it were not for the “don’t care” crowd, we wouldn’t have such great malware, viruses and ransomware :)
The exploit allows anyone within WiFi range the ability to connect to your camera and do “stuff.” According to the PetaPixel article, Insta360 has already plugged some of this:
Currently the list_directory has already been terminated and it is no longer possible to access the camera content through the browser.
– Insta360 response, per PetaPixel article
Unfortunately, this is not true. Using the current available firmware, v1.0.59_build1, on my ONE X2 I see it appear on WiFi as expected:
…and if I select this interface, and then open the URL in a browser, I find all my files are indeed able to be listed:
I can then click on one of the .insv video files and play it (or save off a copy):
“And it’s just that easy!”
With this camera, there is no privacy because the camera is broadcasting itself to any WiFi devices around it, and allowing any of them to connect without authentication and then browse and view/download anything on the microSD card.
What’s worse is you can also telnet in to the device. I tried that to see if it still worked:
You will notice it did not ask for a password here, either.
Both of these screenshots (web browser and telnet) were done on my iPad.
WHILE I was connected to my X2 via the iPad, I then connected a Windows PC. Using the default password of “88888888” I was now connected from two devices (which for some reason folks think isn’t possible). Both my Windows PC and my iPad were connected and able to access the files from a web browser.
At least two firmware updates have come out since this first appeared on REDDIT, and it does not appear anything has changed.
ScrewX2: The proof-of-concept that a script kiddie could have written
Shortly after this exploit was first mentioned, someone could have easily created a script that would look for WiFi hotspots following the name “ONE X2 xxxxx” and connect to them. The script could then issue http GET commands to retrieve files on the memory card, or telnet in to delete things, potentially bricking the camera.
Worse, the script could deliver a payload of malware, and if the user ever mounted that memory card in a computer, the malware could have been ran accidentally. Hopefully most of us will never run some random executable or installer found on a camera memory card, but it would be tempting to try to find out what “360VIEWER.EXE” does, or “Insta360MacConverter.dmg” is.
I will not link to any such “screwx2” script, and will delete any links to such posted in the comments here. The cat is firmly out of the bag, with the default WiFi password known, and NO password on the web interface or telnet, so all we can do is hope that Insta360 addresses this issue eventually.