IP Camera Holes Allow Video Capture

Wednesday, May 1, 2013 @ 02:05 PM gHale


There are vulnerabilities in D-Link IP cameras attackers can exploit to capture video streams.

The vulnerabilities include OS command injection, authentication flaws, information leakage, and the use of hard-coded credentials, said researchers at Core Security.

RELATED STORIES
Viber Android Security Bypass
Mobile Malware Hikes 163%
Android Trojan Spreads through Botnet
3rd Party Apps a Bug Nightmare

Attackers can leverage these security holes to execute arbitrary commands from the administration web interface, bypass RTSP authentication by using the hard-coded credentials, access the video stream via HTTP, access the stream via RTSP, or capture the ASCII video stream via image luminance.

All 16 vulnerable D-Link models contain a hardcoded password — “?*” — that provides a back door to the devices, which would enable attackers to access their live RTSP video stream. Core found over a dozen models containing the buggy firmware, but other devices might also suffer from the issue.

D-Link released updated firmware late last week and patches were ready on its website.



Leave a Reply

You must be logged in to post a comment.