It runs unencrypted over both connections – between the camera and the cloud and between the cloud and the client-side viewer app – providing fertile ground for man-in-the-middle (MitM) attacks and allowing intruders to spy on victims’ video streams.įigure 2. The most serious issue with the D-Link DCS-2132L cloud camera is the unencrypted transmission of the video stream. As shown by ESET smart home research, this is the case with the D-Link DCS-2132L cloud camera, which allows attackers to not only intercept and view the recorded video, but also to manipulate the device’s firmware. Yet, this kind of convenience can quickly turn sour if the camera suffers from a security vulnerability that opens the door to unauthorized actors. With a direct connection to the internet, their surveillance stream is just a few clicks away and available at any time.
Many people are looking to improve the security of their homes or offices by installing “smart” cameras. We will provide updates as soon as we have more information.” Some of the vulnerabilities have already been addressed in the currently available firmware version (available through the mydlink app and here). D-Link has released a statement acknowledging ESET’s findings: “D-Link is aware of the reported security issue and has been working diligently to investigate and resolve the issues.
0 kommentar(er)
