Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Zpeed]

Hi!

I just installed my new DCS-2121 and enabled upnp to be able to watch the feed from my mobile.
While being on vacation I noticed that the feed redirected to some strange Russian site, lovebak.com
Back home now, I noticed that the /m/m/index.html file contains an iframe at the bottom, that redirects there. So SOMEONE (not me) has been able to alter the index on the wap site and add that at the end some way or the other.

While Googling I found only one reference on a French forum, and other than the lack of newer firmware for the camera no direct reactions to this.

I tried with a simple PUT to put the original file back, without the iframe at the bottom, but there I get a 403.

My questions:

- Anyone else seen this problem?
- When can we expect new firmware to fix this HUGE security problem?
- How to restore the original (and yes, I tried a factory reset, but that doesn't restore the html files it seems)
- How did they manage?

It seems from the config db that it's an OEM'ed alphanetworks.com camera with a lot more options that d-link put in there (like SIP! And SSL, which would certainly have helped here). Any input from them maybe, it seems they are writing the firmware?

/Robni

[drgrateful]

This is just to let you know that I am experiencing your same problem! Does this mean that somebody can freely access the IP camera, maybe as admin?

Matteo

[frepa]

I have the same problem and it seems to be related to the upgrade to firmware version 1.05 (4630). That version doesn't appear to be possible to download from D-links support page anymore. The latest available version there is 1.04. I recently ordered an additional (brand new) DCS-2121. It came with 1.05 preinstalled and I was really surprised to discover that it was hacked as well on delivery! It is really conspicuous that D-link doesn't seem to care at all about there are firmware out there (even distributed with there new cameras) that is hacked and forwarded to suspicious Russian spam-sites:(
/Fredrik

[Tco]

Me too have discovered the same thing,  new cam with 1.05 installed from start.  
To watch my DCS-2121 on the phone I just enter: ip-address/m  and then I can watch the camera without even writing a password! Above the image there is a text link saying "Main page" which opens lovebak.com when activated !!    
 (yes a pw is set and must be entered to tonnect to camera when entering ip address in computers browser)

I dont dare to use this camera since my home seems open for anyone with this camera, hacked from start.
Anybody that knows which is the latest secure firmware version and where to find it?



/TCo

[Tco]

After some searching I found a newer version which claims to resolve the lovebak.com issue.
Found it at:  ftp://203.126.164.142/DCS-2121/    (official D-link server )
From the release note:
DCS-2102/2121 Firmware Release Note

Version: 1.05_patch01-4927
Date: December 27, 2010
SVN Revision: 22417

Problems Resolved:
   Virus is detected when accessing camera via http://xxx.xxx.xxx.xxx/m.

Maybe I will download and try it out.

/TCo

[Ruvane]

Smart phones and mobile devices fit our modern day pace like a glove. Having access to the Internet at all times and all places seems almost necessary in this ever more technical world. Many have eschewed PCs and laptops altogether and use cellular devices as their only means of accessing the Internet. But some say that we should be careful with the less-secure devices. Same topic here Mobile devices huge target for hackers in 2012 .Hackers are on their best techniques in doing cyber crimes. So that user's safe browsing is an effective way to prevent  them.

[marcelofarias]

I have the same problem.
But who knows that ftp 203.126.164.142 is really a dlink oficial webserver ?
It can be a hacker server !!!