D-Link Cloud Camera, DCS-2132L, revealed critical flaws when researchers evaluated the cloud service. Using the remote access feature of the camera will make it vulnerable to cyberattacks, primarily if the device was used to record and monitor highly-sensitive areas in companies and households.
D-Link has failed to completely fix the flaws in its WiFi camera. The faults not only allow the hackers to hijack the camera and intercept the recorded video but also to manipulate the firmware of the device.
Check This Out: Top Cloud Solution Companies
According to the researchers, the flaws create optimum conditions for man-in-the-middle (MitM) attacks. The leading cause of the problem is the lack of encryption during the transmission of the video stream between the camera and D-Link cloud service, and then to the user’s viewing application.
The camera is linked to the user viewing app via a proxy server using a transmission control protocol (TCP) tunnel based on a custom D-Link tunneling protocol. Of all the data traffic moving through the tunnels, only a part of it is encrypted. The non-encrypted part includes camera internet protocol (IP) and media access control (MAC) address requests, version information, video and audio streams which are vulnerable to attacks.
Another cause might be the customized open-source Boa web server source code used by D-Link. Boa is a small-footprint web server software usually utilized by embedded applications. Since the D-Link makes use of an outdated web server to the camera sans encryption, all the requests are elevated to the administrator level. As a result, the potential hacker is given complete access to the device.
The MitM attacker can easily intercept the traffic from the device and acquire the data stream of the TCP connection on the server. Furthermore, they can access the request for video and audio packets and steal the streamed video content for playback. The streams can then be reconstructed at their leisure to obtain the entire audio or video stream from the camera device.
Also, several bugs were identified in the cloud camera. The universal plug and play linked to port 80 of home router expose the HTTP interface to potential attackers scanning the open port. An ESET scan of DCS-2132L cameras with open port 80 revealed almost 1,600 devices with critical flaws, of which more than 30 percent were located in the US.