• October 20, 2020, 02:11:10 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Mobile URL hack DCS-2121  (Read 9492 times)

Zpeed

  • Level 1 Member
  • *
  • Posts: 1
Mobile URL hack DCS-2121
« on: June 21, 2011, 02:42:49 PM »

Hi!

I just installed my new DCS-2121 and enabled upnp to be able to watch the feed from my mobile.
While being on vacation I noticed that the feed redirected to some strange Russian site, lovebak.com
Back home now, I noticed that the /m/m/index.html file contains an iframe at the bottom, that redirects there. So SOMEONE (not me) has been able to alter the index on the wap site and add that at the end some way or the other.

While Googling I found only one reference on a French forum, and other than the lack of newer firmware for the camera no direct reactions to this.

I tried with a simple PUT to put the original file back, without the iframe at the bottom, but there I get a 403.

My questions:

- Anyone else seen this problem?
- When can we expect new firmware to fix this HUGE security problem?
- How to restore the original (and yes, I tried a factory reset, but that doesn't restore the html files it seems)
- How did they manage?

It seems from the config db that it's an OEM'ed alphanetworks.com camera with a lot more options that d-link put in there (like SIP! And SSL, which would certainly have helped here). Any input from them maybe, it seems they are writing the firmware?

/Robni
Logged

drgrateful

  • Level 1 Member
  • *
  • Posts: 1
Re: Mobile URL hack DCS-2121
« Reply #1 on: July 04, 2011, 06:38:03 AM »

This is just to let you know that I am experiencing your same problem! Does this mean that somebody can freely access the IP camera, maybe as admin?

Matteo
Logged

frepa

  • Level 1 Member
  • *
  • Posts: 1
Re: Mobile URL hack DCS-2121
« Reply #2 on: July 25, 2011, 01:13:10 PM »

I have the same problem and it seems to be related to the upgrade to firmware version 1.05 (4630). That version doesn't appear to be possible to download from D-links support page anymore. The latest available version there is 1.04. I recently ordered an additional (brand new) DCS-2121. It came with 1.05 preinstalled and I was really surprised to discover that it was hacked as well on delivery! It is really conspicuous that D-link doesn't seem to care at all about there are firmware out there (even distributed with there new cameras) that is hacked and forwarded to suspicious Russian spam-sites:(
/Fredrik
Logged

Tco

  • Level 1 Member
  • *
  • Posts: 2
Re: Mobile URL hack DCS-2121
« Reply #3 on: August 04, 2011, 03:08:28 AM »

Me too have discovered the same thing,  new cam with 1.05 installed from start.  
To watch my DCS-2121 on the phone I just enter: ip-address/m  and then I can watch the camera without even writing a password! Above the image there is a text link saying "Main page" which opens lovebak.com when activated !!    
 (yes a pw is set and must be entered to tonnect to camera when entering ip address in computers browser)

I dont dare to use this camera since my home seems open for anyone with this camera, hacked from start.
Anybody that knows which is the latest secure firmware version and where to find it?



/TCo
« Last Edit: August 05, 2011, 02:47:39 AM by Tco »
Logged

Tco

  • Level 1 Member
  • *
  • Posts: 2
Re: Mobile URL hack DCS-2121
« Reply #4 on: August 05, 2011, 02:52:35 AM »

After some searching I found a newer version which claims to resolve the lovebak.com issue.
Found it at:  ftp://203.126.164.142/DCS-2121/    (official D-link server ???)
From the release note:
DCS-2102/2121 Firmware Release Note

Version: 1.05_patch01-4927
Date: December 27, 2010
SVN Revision: 22417

Problems Resolved:
   Virus is detected when accessing camera via http://xxx.xxx.xxx.xxx/m.


Maybe I will download and try it out.

/TCo
Logged

Ruvane

  • Level 1 Member
  • *
  • Posts: 1
Re: Mobile URL hack DCS-2121
« Reply #5 on: January 06, 2012, 10:15:50 PM »

Smart phones and mobile devices fit our modern day pace like a glove. Having access to the Internet at all times and all places seems almost necessary in this ever more technical world. Many have eschewed PCs and laptops altogether and use cellular devices as their only means of accessing the Internet. But some say that we should be careful with the less-secure devices. Same topic here Mobile devices huge target for hackers in 2012 .Hackers are on their best techniques in doing cyber crimes. So that user's safe browsing is an effective way to prevent  them.
Logged

marcelofarias

  • Level 1 Member
  • *
  • Posts: 1
Re: Mobile URL hack DCS-2121
« Reply #6 on: January 18, 2012, 01:54:46 PM »

I have the same problem.
But who knows that ftp 203.126.164.142 is really a dlink oficial webserver ?
It can be a hacker server !!!
Logged