Uncover new research conducted by the company “ESET” ESET Security Camera D-Link Cloud suffer from many security vulnerabilities, which can open the door to trade for non –Guba.
Based on the information disclosed by the search “ESET Internet of things” ESET IoT, it has softened the company manufactured some of the weaknesses reported, but others are still looming on the horizon.
Researcher (Mel Frank) – official laboratory “ESET” research in the Slovak capital, Bratislava: the most serious problem in the Cloud Camera D-Link DCS-2132L is sending non-encrypted broadcast video. It includes in a manner not encrypted across each link. between the camera and the cloud, between the cloud and the width of the part of the user – which provides fertile ground for attacks, “man in the middle” (MitM) and allows hackers to spy on broadcast video of the victims.
According to the research, I hid another serious problem found in a camera found in the web browser Services “myDlink”. This is one of the forms of application of the supply available to the user; as well as other applications, such as mobile apps, which was not part of the search “ESET”.
The company explained that the plug-in of the web browser manages to create a tunnel and TCP, video playback direct in the user’s browser, but it is also responsible for redirecting requests for data streams of video and audio, through the tunnel, which listens on a port created dynamically on the local host.
Related topics what you read now:
Says Frank: “it can be the weakness of plug-ins and disastrous consequences on the security camera, as it allowed an attacker to replace the firmware of the eastern edition of the counterfeit”.
Informed the “ESET” on all the gaps for the manufacturer. Since then I fixed some security holes – especially in the plug myDlink – by update, but there are still problems related to transmission not encrypted.