Amazon's Top-Selling Product, the D-Link Wifi Camera, Is Hackable!

Security researchers at Senrio (an IoT security startup) have found a major vulnerability in D-Link Wifi cameras. According to the researchers, hackers could reset the password of a D-Link Wifi camera by exploiting this vulnerability. After resetting the password, they could completely control the camera's video feed. The D-Link Wifi camera is one of the highest-selling products on Amazon, so there could be a large number of potential victims. Senrio's security researchers have reported the vulnerability and are now working with D-Link to fix this security flaw.

What is the vulnerability?

D-Link runs many services on the Wifi camera to execute remote commands. One of these services has a stack overflow vulnerability: it copies data from an incoming string into a stack buffer and, in doing so, overwrites the function's return address. Hackers could easily exploit this vulnerability with a single command, which only needs to contain custom assembly code. According to the researchers, D-Link's DCS-930L cameras are highly vulnerable. These cameras are in high demand, and people use them for home security.
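The bug class described above, shown as an added example that is not D-Link's code or Senrio's: an unbounded copy of an incoming string into a stack buffer, next to a hardened handler that checks the length first. The function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed size for illustration; the article does not give the real one. */
#define CMD_BUF_LEN 64

/* Defective pattern: the incoming string is copied to a stack buffer with
 * no length check, so input longer than the buffer overwrites adjacent
 * stack data, including the saved return address. Shown for comparison
 * only; do not call it with untrusted input. */
int handle_command_unsafe(const char *incoming)
{
    char buf[CMD_BUF_LEN];
    strcpy(buf, incoming);              /* no bound: this is the defect */
    return buf[0] != '\0';
}

/* Hardened form. incoming_len is the number of bytes actually received,
 * so the data does not have to be NUL-terminated.
 * Returns 1 for a non-empty command, 0 for an empty one, and -1 when the
 * input is missing or too long (rejected, not truncated). */
int handle_command_safe(const char *incoming, size_t incoming_len)
{
    char buf[CMD_BUF_LEN];
    const char *nul;
    size_t n;

    if (incoming == NULL)
        return -1;

    /* Length of the command: up to the first NUL, or all received bytes. */
    nul = memchr(incoming, '\0', incoming_len);
    n = nul ? (size_t)(nul - incoming) : incoming_len;

    /* Leave room for the terminator; refuse anything that does not fit. */
    if (n >= sizeof buf)
        return -1;

    memcpy(buf, incoming, n);
    buf[n] = '\0';
    return buf[0] != '\0';
}
```

Compiler and platform mitigations such as stack canaries and non-executable stacks reduce the impact of this bug class, but the length check is what removes it.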

This vulnerability allows code injection by copying the assembly code to an executable address. Hackers could remotely reset the password by executing a special command. Apart from that specially crafted command, a hacker needs nothing else to exploit the vulnerability. The camera only has to be connected to the internet; it does not matter whether that is through a local area network connection or a personal area network connection.

D-Link Wifi cameras were already in the news because security researchers had discovered a number of vulnerabilities before this new stack overflow vulnerability. Last year, researchers found an unrestricted file upload vulnerability in the same DCS-930L camera. Researchers also discovered a backdoor vulnerability in January of this year.

How will it affect victims?