Thursday, March 28, 2024

D-Link Camera Vulnerability let Hackers Hijack the Camera and Tap the Video Streaming

Critical vulnerability in D-Link cloud camera allows attackers to hijack and intercept the camera to see the live video streaming and recorded videos.

Researchers discovered that the D-Link camera communicate over unencrypted channel between the camera and the cloud and between the cloud and the client-side viewer app.

This flaw could allows an attacker to perform a Man-in-the-Middle attack and intercept the connection to spy on victims’ video streams.

The communication request between app and the camera establish over proxy server using a TCP tunnel where the only place the traffic is encrypted.

But some of the other sensitive content such as camera IP and MAC addresses, version information, video and audio streams, and extensive camera info are passing through the unencrypted tunnel.

The vulnerability resides in D-Link customized open source boa web server source code file called request.c is handling the HTTP request to the camera.

In this case, all the incoming HTTP request that handle by this file elevated to admin allow attacker to gain complete device access.

Another vulnerability discovered in the web browser plug-in called “mydlink services” that helps users to play the live playback via client web browser and it also manages the creation of the TCP tunnel where the plug-in forwarding requests for the video and audio data streams. refer the video demonstration blow,

According to ESET research, The tunnel is made available for the whole operating system, so any application or user on the client’s computer can simply access the camera’s web interface by a simple request (only during the live video streaming) to hxxp://127.0.0.1:RANDOM_PORT/.

“No authorization is needed since the HTTP requests to the camera’s web server are automatically elevated to admin level when accessing it from a localhost IP (viewer app’s localhost is tunneled to camera localhost).”

This vulnerability let hackers to replace the legitimate firmware with their own rigged or backdoored version.

An attacker who is sitting in the middle of the network traffic between the viewer app and the cloud or between the cloud and the camera, can see the HTTP requests for the video and audio packets using the data stream of the TCP connection on the server.

Later attackers can reply and reconstruct this captured packets at any time and the same way attacker obtain the current audio or video stream from that camera using following steps,

  1. Identify the traffic that represents video streams. This traffic consists of multiple blocks of data, each block having a specific header and defined length.
  2. Separate the data parts from the headers.
  3. Finally, the parts of the video are merged into one file.

Playing the video files obtained this way can be a little tricky as they are in a raw streaming format instead of a container file format. However, some media players can handle these raw formats if run with the appropriate command line switches ESET said.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

ATM Skimming Attack – Scammers Hijack ATM’s built-in Security Camera to Steal User’s PIN

4 Million Android Users Infected by Malicious Beauty Camera App From Google Play that Steals Personal Pictures

28-year-old Romanian Woman Pleads Guilty for Hacking 126 Computers Associated With Surveillance Cameras

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles