Tech,Space,Gaming, and Science Fiction News to wet your whistle
Flaws in D-Link Cloud Camera Expose Video Streams
Vulnerabilities in the D-Link DCS-2132L cloud camera can be exploited by attackers to tap into video or audio streams, but could also potentially provide full access to the device.
The main issue with the camera is the fact that no encryption is used when transmitting the video stream. Specifically, both the connection between the camera and the cloud and that between the cloud and the viewing application are unencrypted, thus potentially exposed to man-in-the-middle (MitM) attacks.
The viewer app and the camera communicate through a proxy server on port 2048, using a TCP tunnel based on a custom D-Link tunneling protocol, but only parts of the traffic are encrypted, ESET's security researchers have discovered.
In fact, sensitive details such as the requests for camera IP and MAC addresses, version information, video and audio streams, and extensive camera info are left exposed to attackers. The vulnerability resides in the request.c file, which handles HTTP requests to the camera.
"All HTTP requests from 127.0.0.1 are elevated to the admin level, granting a potential attacker full access to the device," ESET notes.
An attacker able to intercept the network traffic between the viewer app and the cloud or between the cloud and the camera can see the HTTP requests for the video and audio packets. This allows the attacker to reconstruct and replay the stream at any time, or obtain the current audio or video stream.
ESET's security researchers say they were able to obtain the streamed video content in two raw formats.
Another major issue was found in the "mydlink services" web browser plug-in, which allows users to view video streams. The plug-in manages the creation of the TCP tunnel and the video playback, but is also responsible for forwarding requests for the video and audio data streams through a tunnel.
The tunnel is available for the entire operating system, meaning that any application or user on the computer can access the camera's web interface by a simple request (only during the live video streaming).
"No authorization is needed since the HTTP requests to the camera's webserver are automatically elevated to admin level when accessing it from a localhost IP (viewer app's localhost is tunneled to camera localhost)," the researchers explain.
While D-Link has addressed issues with the plug-in, there are still a series of vulnerabilities in the custom D-Link tunneling protocol that provide an attacker with the possibility to replace the legitimate firmware on the device with a maliciously modified one. For that, they would need to replace the video stream GET request with a specific POST request to fetch a bogus firmware update.
The attack, ESET notes, is not trivial to perform and requires dividing the firmware file into blocks with specific headers and of a certain maximum length. However, because the authenticity of the firmware binary is not verified, an attacker could upload one containing cryptocurrency miners, backdoors, spying software, botnets or other Trojans, or they could deliberately "brick" the device.
Other issues the researchers discovered include the fact that D-Link DCS-2132L can set port forwarding to itself on a home router, via the Universal Plug and Play (UPnP) protocol. Thus, it exposes its HTTP interface on port 80 to the Internet without the user even knowing about it. The issue can be mitigated by disabling UPnP.
"Why the camera uses such a hazardous setting is unclear. Currently close to 1,600 D-Link DCS-2132L cameras with exposed port 80 can be found via Shodan, most of them in the United States, Russia and Australia," the researchers say.
ESET says it reported the issues to D-Link in August 2018, including vulnerable unencrypted cloud communication, insufficient cloud message authentication and unencrypted LAN communication, but that only some of the flaws have been mitigated, such as the "mydlink services" plug-in, which is now properly secured. The most recent firmware available for the device is dated November 2016.
"D-Link DCS-2132L camera is still available on the market. Current owners of the device are advised to check that port 80 isn't exposed to the public internet and reconsider the use of remote access if the camera is monitoring highly sensitive areas of their household or company," ESET concludes.
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Lenovo is announcing a pair of new laptops today, the Yoga 730 and Flex 14, both of which are seeing a number of small design tweaks and receiving Intel’s 8th gen processors. While there aren’t any major changes this year, the 730 is getting one notable improvement to help it stand out: it has built-in far-field mics so that it can support Alexa. The Yoga 730 is really similar to last year’s Yoga 720 : like all Yoga laptops, it has a touchscreen and can flip around into tablet mode; it starts with a price around $900 but can go much higher if you spec it out; and while it’s a well-made laptop with an aluminum body, it isn’t quite as slim or light as what Lenovo offers in its Yoga 900 series laptops. This year, the 730 has received a few... Continue reading… via The Verge - Tech Posts "http://ift.tt/2BQTs1c"