Published on May 4th, 2019

Hackers gain access to D-Link’s cloud camera video stream.

Researchers warn customers to reconsider the use of the camera’s remote access feature if the device is monitoring highly sensitive areas of their household or company.
D-Link has only partially patched critical flaws in its consumer Wi-Fi camera that let attackers intercept and view the recorded video stream and, according to the security researchers who found them, tamper with the device's firmware. The camera in question is D-Link's DCS-2132L cloud camera, a popular consumer model sold at big-box retailers and online. The report tracing the cause of the bug ties the problem to a lack of encryption on the video stream as it travels between the camera and D-Link's cloud service.
The bug is further traced to D-Link's use of a customised version of the open-source Boa web server. Boa is a small-footprint web server typically used in embedded applications, and it was discontinued in 2005. ESET said that because the D-Link Boa web server handles HTTP requests to the camera without encryption, "all HTTP requests from 127.0.0.1 are elevated to the admin level, granting a potential attacker full access to the device."

ESET also identified a second bug, this one in a browser plugin. It relates to D-Link's "MyD-link services" plugin, which lets users view the video content without using the app. The flaw only manifests while a user is live-streaming content to the plugin. The researchers explained: "The web browser plugin manages the creation of the TCP tunnel and the live video playback in the client's browser, but is also responsible for forwarding requests for the video and audio data streams through a tunnel, which listens on a dynamically generated port on localhost."

During that window, while the viewer is streaming video, a local unauthenticated user can reach the camera's web interface simply by opening hxxp://127.0.0.1:RANDOM_PORT/. "The tunnel is made available for the whole operating system, so any application or user on the client's computer can simply access the camera's web interface by a simple request," the researchers added. Together, these conditions give an attacker the means for a non-trivial attack in which the legitimate firmware is replaced with a rigged or back-doored version.
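The two conditions above combine badly: the plugin opens a tunnel on a kernel-chosen loopback port that any local process can reach, and the camera treats a loopback source address as proof of admin rights. The script below is an added example written for this article, not code from ESET's report or from D-Link's firmware. It models the tunnel endpoint with a small HTTP server bound to 127.0.0.1 on a random port, copies the flawed "127.0.0.1 means admin" rule beside a hardened rule that ignores the source address and demands a session credential, and shows how a local process can sweep loopback ports to find the camera's interface without knowing RANDOM_PORT. The /admin/firmware path, the banner text, the X-Session-Token header and the token value are assumptions made for the demonstration; none of them comes from the original page.

```python
"""Added example (not ESET's or D-Link's code): localhost tunnel plus
source-address authorization, vulnerable and hardened variants side by side."""
import socket
import threading
import http.client
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: a per-session credential the hardened variant requires.
SESSION_TOKEN = "constructed-session-token"
# Assumption: a constructed marker that identifies the camera UI on "/".
BANNER = b"DCS-2132L web interface"


def is_admin_vulnerable(peer_ip, headers):
    """The rule ESET describes: any request arriving from 127.0.0.1 is admin."""
    return peer_ip == "127.0.0.1"


def is_admin_hardened(peer_ip, headers):
    """Once a tunnel exists the origin address proves nothing; require a credential."""
    return headers.get("X-Session-Token") == SESSION_TOKEN


class CameraHandler(BaseHTTPRequestHandler):
    """Stand-in for the camera web interface reached through the plugin's tunnel."""
    check = staticmethod(is_admin_vulnerable)

    def do_GET(self):
        if self.path == "/":
            self._reply(200, BANNER)
        elif self.path == "/admin/firmware":  # assumed privileged endpoint
            if self.check(self.client_address[0], self.headers):
                self._reply(200, b"admin: firmware upload endpoint")
            else:
                self._reply(403, b"forbidden")
        else:
            self._reply(404, b"not found")

    def _reply(self, code, body):
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):  # keep the demo quiet
        pass


class VulnerableCamera(CameraHandler):
    check = staticmethod(is_admin_vulnerable)


class HardenedCamera(CameraHandler):
    check = staticmethod(is_admin_hardened)


def start_tunnel(handler):
    """Bind to 127.0.0.1 on a kernel-chosen port, as the plugin's tunnel does."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe(port, path, headers=None):
    """GET a path through the local tunnel; return (status, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=2)
    conn.request("GET", path, headers=headers or {})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, body


def find_camera_port(candidates):
    """What any local process can do: sweep loopback ports for the camera UI."""
    for port in candidates:
        with socket.socket() as s:
            s.settimeout(0.2)
            if s.connect_ex(("127.0.0.1", port)) != 0:
                continue  # nothing listening here
        status, body = probe(port, "/")
        if status == 200 and BANNER in body:
            return port
    return None


def demo():
    """Run both variants; return what an unauthenticated local user gets back."""
    vuln_srv, vuln_port = start_tunnel(VulnerableCamera)
    # Constructed window around the real port so the sweep finishes quickly;
    # a real local attacker sweeps every port or reads the OS socket table.
    found = find_camera_port(range(vuln_port - 5, vuln_port + 6))
    hard_srv, hard_port = start_tunnel(HardenedCamera)
    results = {
        "found_port": found,
        "vulnerable_no_creds": probe(vuln_port, "/admin/firmware")[0],
        "hardened_no_creds": probe(hard_port, "/admin/firmware")[0],
        "hardened_with_token": probe(hard_port, "/admin/firmware",
                                     {"X-Session-Token": SESSION_TOKEN})[0],
    }
    for srv in (vuln_srv, hard_srv):
        srv.shutdown()
        srv.server_close()
    return results


if __name__ == "__main__":
    print(demo())
```

The sweep locates the tunnel without any knowledge of RANDOM_PORT, and the vulnerable variant then hands the privileged endpoint to a request that carries no credential at all. The hardened rule shows the fix that matters on the camera side: a loopback address is not an identity once anything is forwarding traffic to it, so the device must authenticate the request itself rather than where it appears to come from.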
