D-Link WiFi camera vulnerabilities allow access to user recordings

A WiFi camera (model DCS-2123L) made by D-Link contains critical vulnerabilities that would allow an attacker to intercept and view the recordings stored on the device, as well as alter the firmware, according to cyber forensics course specialists. The company has not completely corrected the flaws in this camera, which is one of D-Link's most popular models.

One of these vulnerabilities can even create the ideal conditions for a Man-in-the-Middle (MiTM) attack, a problem that cyber forensics course specialists have been reporting for over half a year. It appears to stem from the lack of encryption in the video transmissions between the camera and D-Link's cloud platform; flaws in the companion application for camera users may also be related to these vulnerabilities.

The camera communicates with the user application through a proxy server on port 2048, using a TCP tunnel based on D-Link's custom tunneling protocol. The problem is that only part of that traffic is encrypted, leaving the rest exposed: IP address requests, audio and video streams, and information about the device.
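The article states that the port 2048 tunnel mixes encrypted and unencrypted traffic. A defender who has captured the camera's tunnel payloads can check that claim on their own device without knowing the proprietary protocol format: ciphertext should look close to uniformly random, while device-info strings, addresses and headers show the much lower byte entropy of text. The following is an added example, not code from the article or from D-Link; the sample stream is constructed inline (a plaintext device-info record followed by a ciphertext stand-in), and the 6.0 bits/byte threshold and 256-byte segment size are assumptions chosen so that ASCII text and random bytes fall clearly on opposite sides.

```python
"""Entropy audit of captured TCP tunnel payloads (added example, not D-Link code).

Given the raw payload bytes a camera sent through its TCP tunnel, label each
fixed-size segment as plaintext-like or encrypted-like by Shannon entropy.
Segments that are plaintext-like are the data a network-level eavesdropper
could read without breaking any cryptography.
"""
import math
import random
from collections import Counter
from typing import Dict, List, Tuple

TUNNEL_PORT = 2048  # port named in the article; the tunnel's framing is not public here

# Assumed tuning: 256-byte windows keep the maximum possible entropy at 8 bits,
# ASCII text sits around 4-5 bits/byte and random/ciphertext bytes near 8.
SEGMENT_SIZE = 256
PLAINTEXT_THRESHOLD = 6.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_segments(payload: bytes,
                      segment_size: int = SEGMENT_SIZE,
                      threshold: float = PLAINTEXT_THRESHOLD) -> List[Tuple[int, float, str]]:
    """Return (offset, entropy, label) for each window of the payload."""
    results = []
    for offset in range(0, len(payload), segment_size):
        seg = payload[offset:offset + segment_size]
        h = shannon_entropy(seg)
        label = "plaintext-like" if h < threshold else "encrypted-like"
        results.append((offset, round(h, 2), label))
    return results


def exposure_report(payload: bytes) -> Dict[str, object]:
    """Summarise how much of a tunnel capture an on-path observer could read."""
    segs = classify_segments(payload)
    exposed = [s for s in segs if s[2] == "plaintext-like"]
    return {
        "port": TUNNEL_PORT,
        "segments": len(segs),
        "plaintext_segments": len(exposed),
        "plaintext_offsets": [s[0] for s in exposed],
        "fully_encrypted": not exposed,
    }


# Constructed sample stream (not a real capture): a device-info record as the
# article describes, padded to one window, followed by one window of a
# ciphertext stand-in (a seeded permutation of all 256 byte values).
_INFO = b"device=DCS-2123L;ip=192.0.2.10;mac=02:00:00:00:00:01;status=ok;"
PLAINTEXT_WINDOW = (_INFO * 5)[:SEGMENT_SIZE]
_rng = random.Random(7)
_perm = list(range(256))
_rng.shuffle(_perm)
CIPHERTEXT_WINDOW = bytes(_perm)
SAMPLE_STREAM = PLAINTEXT_WINDOW + CIPHERTEXT_WINDOW


if __name__ == "__main__":
    for offset, h, label in classify_segments(SAMPLE_STREAM):
        print(f"offset {offset:5d}  entropy {h:4.2f} bits/byte  {label}")
    print(exposure_report(SAMPLE_STREAM))
```

On a real capture, feed the reassembled TCP payload of the port 2048 connection (both directions) to `exposure_report`; any `plaintext-like` window is material that an on-path observer could read, which is exactly the exposure the article describes. The check is a heuristic: compressed video can also score high, so a high-entropy verdict means "not obviously plaintext", not "proven encrypted".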

The vulnerability is also related to D-Link's use of source code from the open-source Boa web server, which stopped receiving support over ten years ago, the cyber forensics course experts noted.

Using a MiTM attack, a threat actor could intercept network traffic and access the data stream of the TCP connection on port 2048, gaining access to the audio and video packets.

Although the company has already addressed some of these security errors, the corrections made so far remain insufficient, according to specialists from the International Institute of Cyber Security (IICS).

Although the MyDlink plugin appears to have been updated satisfactorily, other flaws persist. According to the reports, the latest available firmware version was released in 2016, so it does not correct flaws discovered after that date, and the legitimate firmware could still be manipulated.