A series of vulnerabilities in the D-Link DCS-2132L cloud camera allow attackers to remotely tap into the video streams of the devices and also manipulate the device’s firmware.
The vulnerabilities included unencrypted cloud communication, insufficient cloud message authentication and unencrypted LAN communication, according to a May 2, 2019 ESET blog post.
A threat actor can intercept video and audio feeds in a man-in-the-middle (MitM) attack by intercepting network traffic between the viewer app and the cloud or between the cloud and the camera because the transmission of the streams between the camera and the cloud and between the cloud and the client-side viewer app are unencrypted.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.