A WiFi camera (model DCS-2123L) designed by the manufacturer D-Link contains critical vulnerabilities that would allow a hacker to intercept and visualize the recordings stored on the device, in addition to altering the firmware, as mentioned by cyber forensics course specialists. The company has not completely corrected the flaws in this camera, which is one of D-Link’s most popular models.
One of these vulnerabilities can even generate
the ideal conditions for deploying a Man-in-the-Middle
(MiTM) attack, as reported by cyber forensics course specialists for over half
a year. The problem might be related to the lack of encryption in the video
transmissions between the camera and the platform in the D-Link cloud; fails in
the application for camera users may also be related to these vulnerabilities.
The camera communicates with the application
for users via proxy server on port 2048, using a TCP tunnel based on the custom
D-Link tunneling protocol. The problem is that only part of that traffic is
encrypted, leaving other data to be exposed as IP address requests, audio and
video streams, as well as information about the device.
The vulnerability is also related to the use
that D-Link makes the source code of the open source web server Boa, which stopped
receiving support over ten years ago, mentioned the cyber forensics course experts.
Using a MiTM attack, a threat actor could
intercept network traffic and access the TCP connection data stream on port
2048, gaining access to audio and video packets.
Although the company has already addressed some
of its security errors, the corrections made so far are still insufficient,
considered specialists from the International Institute of Cyber Security
(IICS).
Although the MyDlink plugin seems to have been
updated satisfactorily, other flaws still persist. According to the reports,
the latest available version of the firmware was launched in 2016, so it does
not correct other known failures after that date, so the legitimate firmware could
be easily manipulated.
