Beta Patches for IP Camera Bugs

Friday, May 3, 2013 @ 05:05 PM gHale


D-Link published beta patches for vulnerabilities in the firmware for IP surveillance cameras, which could allow a hacker to intercept a video stream.

The company said on its support forum that it will publish a full release of the upgraded firmware within a month. Some of D-Link’s consumer IP cameras in its Cloud product line will automatically receive the updates.

RELATED STORIES
IP Camera Holes Allow Video Capture
Viber Android Security Bypass
Mobile Malware Hikes 163%
Android Trojan Spreads through Botnet

“We are releasing beta firmware with the security patch for customers who want to manually update their cameras immediately,” a D-Link administrator wrote on the company’s support forum.

The administrator also posted instructions for how to upgrade the firmware. Users should not upgrade over a wireless connection, as an error could break the camera.
http://forums.dlink.com/index.php?topic=53730.0

Identical notices published on the pages for other affected products. The updates come after Core Security this week published details of five vulnerabilities in D-Link’s firmware, which sees use in more than a dozen of its products.

D-Link’s IP video cameras can take stills and record video and users can manage it through web-based control panels or mobile devices. Core found a range of problems, including hard-coded credentials and authentication issues that could allow an attacker access via the RTSP (real time streaming protocol).

The technical details ended up posted in the Full Disclosure section of Seclists.org. Some of the products ended up phased out by D-Link, according to the company’s website.



Leave a Reply

You must be logged in to post a comment.