• August 19, 2019, 06:47:02 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Need a statement from D-Link on new vulnerabilities for cameras and cloud  (Read 1508 times)

phill.butte

  • Level 1 Member
  • *
  • Posts: 5

Bleeping Computers just published a report from Catalin Cimpanu ( https://www.bleepingcomputer.com/news/security/nearly-200-000-wifi-cameras-open-to-hacking-right-now/ and here https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html) showing new vulnerabilities on D-Link cameras and potentially D-Link Cloud services. In addition, he has published the code required to exploit the flaws. I keep my cameras behind a firewall so I've felt pretty safe so far. However, the vulnerabilities shown for cloud services has me worried. If the security is as lax as is described in the article then the cameras need to be disconnected and never connected again.

I'd like to see D-Links response to the article, especially the last section addressing the network protocol security of the cloud services.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47689
  • D-Link Global Forum Moderator
    • Router Troubleshooting

I'll pass this on to D-Link for review. D-Link has always been proactive in making sure security is top priority and any vulnerability's found are closed asap.

I recommend that you post this here:
http://support.dlink.com/ReportVulnerabilities.aspx

D-Link doesn't make statements in regards to issues like this here in the forums other than "Its under review" kind of statements.
You can find D-Link response to current reviewed issues here under the Recent Announcements section:
http://support.dlink.com/index.aspx

If your concerned about this, I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.

Thank you.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

a714gomez

  • Technical Engineer Global Moderator
  • Level 1 Member
  • *
  • Posts: 20

The report is an in-depth hack of unrelated Chinese manufacture. D-Link will provide updated information regarding this report later today 03/10.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47689
  • D-Link Global Forum Moderator
    • Router Troubleshooting

New information posted:
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10071

Bleeping Computers just published a report from Catalin Cimpanu ( https://www.bleepingcomputer.com/news/security/nearly-200-000-wifi-cameras-open-to-hacking-right-now/ and here https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html) showing new vulnerabilities on D-Link cameras and potentially D-Link Cloud services. In addition, he has published the code required to exploit the flaws. I keep my cameras behind a firewall so I've felt pretty safe so far. However, the vulnerabilities shown for cloud services has me worried. If the security is as lax as is described in the article then the cameras need to be disconnected and never connected again.

I'd like to see D-Links response to the article, especially the last section addressing the network protocol security of the cloud services.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting

RYAT3

  • Level 10 Member
  • *****
  • Posts: 2110

So we are vulnerable from cloud attack if not on latest f/w.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 47689
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Should already be on latest FW version.  ???

So we are vulnerable from cloud attack if not on latest f/w.
Logged
Cable:200mb/10Mb>NetGear C7800>DIR-882>DGS-1100>HP 24pt Gb Switch. COVR-3902/2202/1203,DIR-2680,890L,882,880L,868L,DNR-202L,DNS-345x2,DCS-933L,936L and 960L.
Go Here>Router Troubleshooting