Hackers could serve fake videos by doing it Injectable in the popular home tracking kit Dropcam. Immediately after, they can use the system to attack networks, η να κάνουν μια ληστεία, αναφέρουν οι researchers Patrick Wardle and Colby Moore.
Attacks presuppose that attackers have physical access to devices, and exploits use Heartbleed vulnerability.
Dropcam is one platform video surveillance company that was last month bought by Google's Nest Labs for $555 million.
Wardle (@patrickwardle) and Moore (@colbymoore) of the security company Synack, based in California,κατάφεραν με reverse-engineering, (αντίστροφη μηχανική) στο υλικό και στο λογισμικό του Drοpcam να εμφυτεύσουν malware on the devices. In this way they can attack homes or even corporate networks.
"If anyone has physical access, the game is over," Wardle told DarkReading.
"The camera is vulnerable to Heartbleed client-side attacks. You could be fooling Dropcam DNS server. ”
The duo will describe the vulnerability of Dropcam during the speech " Optical surgery; Implanting DropcamAt the upcoming DEF CON 22 conference in Las Vegas next month.
