ESET: vulnerability in camera allows tracking of the owner

According to ESET's latest IoT research, the D-Link DCS-2132L cloud camera has many security vulnerabilities that allow unauthorized persons to gain access. According to the manufacturer, some of the vulnerabilities have been repaired, but there are still problems.

"The most serious problem with the D-Link DCS-2132L cloud camera is the unencrypted video streaming. It runs without encryption on the connections between the camera and the cloud and between the cloud and the application used by the user. As a result, it provides fertile ground for man-in-the-middle (MitM) attacks and allows intruders to spy on victims' video streams," explains Milan Fránik, researcher at the ESET Research Lab in Bratislava.

Another serious problem found in the camera was hidden in the web browser plug-in of the "myDlink" application. This is one of the alternative viewing applications available to the user. Mobile applications are also available, but they were not part of ESET's research.

This particular plug-in manages the TCP connection and the live video playback in the user's browser, but is also responsible for forwarding requests to stream both video and audio data over a connection, which "listens" on a port opened on localhost.

"The vulnerability of the plug-in could have serious security implications as it allowed attackers to replace legitimate firmware with their own counterfeit or back-door version," notes Fránik.

ESET has reported all the vulnerabilities found to the manufacturer. Since then, some of the vulnerabilities, mainly in the myDlink plug-in, have been fixed and patched, but there are still issues with the non-encrypted transmission.

For a more detailed description of the vulnerabilities and possible attack scenarios, read the article "D-Link camera vulnerability allows attackers to tap into the video stream" on ESET's site, WeLiveSecurity.com.

______________

iGuRu.gr, The Best Technology Site in Greece

Written by newsbot