A series of vulnerabilities in the D-Link DCS-2132L cloud camera allow attackers to remotely tap into the video streams of the devices and also manipulate the device’s firmware.

The vulnerabilities included unencrypted cloud communication, insufficient cloud message authentication and unencrypted LAN communication, according to a May 2, 2019 ESET blog post.

A threat actor can intercept video and audio feeds in a man-in-the-middle (MitM) attack by intercepting network traffic between the viewer app and the cloud or between the cloud and the camera because the transmission of the streams between the camera and the cloud and between the cloud and the client-side viewer app are unencrypted.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.