Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[phill.butte]

Bleeping Computers just published a report from Catalin Cimpanu ( https://www.bleepingcomputer.com/news/security/nearly-200-000-wifi-cameras-open-to-hacking-right-now/ and here https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html) showing new vulnerabilities on D-Link cameras and potentially D-Link Cloud services. In addition, he has published the code required to exploit the flaws. I keep my cameras behind a firewall so I've felt pretty safe so far. However, the vulnerabilities shown for cloud services has me worried. If the security is as lax as is described in the article then the cameras need to be disconnected and never connected again.

I'd like to see D-Links response to the article, especially the last section addressing the network protocol security of the cloud services.

[FurryNutz]

I'll pass this on to D-Link for review. D-Link has always been proactive in making sure security is top priority and any vulnerability's found are closed asap.

I recommend that you post this here:
http://support.dlink.com/ReportVulnerabilities.aspx

D-Link doesn't make statements in regards to issues like this here in the forums other than "Its under review" kind of statements.
You can find D-Link response to current reviewed issues here under the Recent Announcements section:
http://support.dlink.com/index.aspx

If your concerned about this, I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.

Thank you.

[a714gomez]

The report is an in-depth hack of unrelated Chinese manufacture. D-Link will provide updated information regarding this report later today 03/10.

[FurryNutz]

New information posted:
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10071

Bleeping Computers just published a report from Catalin Cimpanu ( https://www.bleepingcomputer.com/news/security/nearly-200-000-wifi-cameras-open-to-hacking-right-now/ and here https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html) showing new vulnerabilities on D-Link cameras and potentially D-Link Cloud services. In addition, he has published the code required to exploit the flaws. I keep my cameras behind a firewall so I've felt pretty safe so far. However, the vulnerabilities shown for cloud services has me worried. If the security is as lax as is described in the article then the cameras need to be disconnected and never connected again.

I'd like to see D-Links response to the article, especially the last section addressing the network protocol security of the cloud services.

[RYAT3]

So we are vulnerable from cloud attack if not on latest f/w.

[FurryNutz]

Should already be on latest FW version. 

So we are vulnerable from cloud attack if not on latest f/w.