D-Link Forums

D-Link IP Cameras for Home => DCS series Network Cameras => Topic started by: phill.butte on March 10, 2017, 06:04:52 AM

Title: Need a statement from D-Link on new vulnerabilities for cameras and cloud
Post by: phill.butte on March 10, 2017, 06:04:52 AM

Bleeping Computers just published a report from Catalin Cimpanu ( https://www.bleepingcomputer.com/news/security/nearly-200-000-wifi-cameras-open-to-hacking-right-now/ and here https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html) showing new vulnerabilities on D-Link cameras and potentially D-Link Cloud services. In addition, he has published the code required to exploit the flaws. I keep my cameras behind a firewall so I've felt pretty safe so far. However, the vulnerabilities shown for cloud services has me worried. If the security is as lax as is described in the article then the cameras need to be disconnected and never connected again.

I'd like to see D-Links response to the article, especially the last section addressing the network protocol security of the cloud services.

Title: Re: Need a statement from D-Link on new vulnerabilities for cameras and cloud
Post by: FurryNutz on March 10, 2017, 07:25:04 AM

I'll pass this on to D-Link for review. D-Link has always been proactive in making sure security is top priority and any vulnerability's found are closed asap.

I recommend that you post this here:
http://support.dlink.com/ReportVulnerabilities.aspx (http://support.dlink.com/ReportVulnerabilities.aspx)

D-Link doesn't make statements in regards to issues like this here in the forums other than "Its under review" kind of statements.
You can find D-Link response to current reviewed issues here under the Recent Announcements section:
http://support.dlink.com/index.aspx (http://support.dlink.com/index.aspx)

If your concerned about this, I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.

Thank you.

Title: Re: Need a statement from D-Link on new vulnerabilities for cameras and cloud
Post by: a714gomez on March 10, 2017, 08:58:27 AM

The report is an in-depth hack of unrelated Chinese manufacture. D-Link will provide updated information regarding this report later today 03/10.

Title: Re: Need a statement from D-Link on new vulnerabilities for cameras and cloud
Post by: FurryNutz on March 13, 2017, 11:03:42 AM

New information posted:
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10071 (http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10071)

Quote from: phill.butte on March 10, 2017, 06:04:52 AM

Bleeping Computers just published a report from Catalin Cimpanu ( https://www.bleepingcomputer.com/news/security/nearly-200-000-wifi-cameras-open-to-hacking-right-now/ and here https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html) showing new vulnerabilities on D-Link cameras and potentially D-Link Cloud services. In addition, he has published the code required to exploit the flaws. I keep my cameras behind a firewall so I've felt pretty safe so far. However, the vulnerabilities shown for cloud services has me worried. If the security is as lax as is described in the article then the cameras need to be disconnected and never connected again.

I'd like to see D-Links response to the article, especially the last section addressing the network protocol security of the cloud services.

Title: Re: Need a statement from D-Link on new vulnerabilities for cameras and cloud
Post by: RYAT3 on March 13, 2017, 12:41:03 PM

So we are vulnerable from cloud attack if not on latest f/w.

Title: Re: Need a statement from D-Link on new vulnerabilities for cameras and cloud
Post by: FurryNutz on March 13, 2017, 01:05:05 PM

Should already be on latest FW version.  ???

Quote from: RYAT3 on March 13, 2017, 12:41:03 PM

So we are vulnerable from cloud attack if not on latest f/w.