A security vulnerability has come to light in D-link networked products. This vulnerability allows someone with hacking knowledge to easily overwrite administrator passwords in home Wi-Fi cameras. The remote execution flaw makes it easy to access devices and add new users with admin access to the interface as well as download malicious firmware or reconfigure products. Basically losing all control without ever knowing it.
The Senrio research team reported the vulnerability lies within the latest firmware update issued to the D-Link DCS-930L Network Cloud Camera. The flaw is by a stack overflow problem located in DCP service which listens to commands on Port 5978.
“The vulnerable function copies data from an incoming string to a stack buffer, overwriting the return address of the function,” Senrio says.
“This vulnerability can be exploited with a single command which contains custom assembly code and a string crafted to exercise the overflow. The function first copies the assembly code to a hard-set, executable, address. Next, the command triggers the stack overflow and sets the value of the function’s return address to the address of the attacker’s assembly code.”
At the moment 5 of the cameras in the D-Link product line are vulnerable to this flaw. Using the Internet of Things search engine it is estimated that 414,949 devices are open to attack. Over 120 products are recorded as open, which includes routers, modems, access points, and storage products. According to Senrio, the vulnerability points toward a larger issue of poorly written firmware components used in cheap Systems on Chips (SoCs).
Senrio goes on to say.. “Adoption [of IoT devices] is driven by business rationale but the security exposure is often overlooked. The techniques used to find the WiFi Camera vulnerability are also used to identify vulnerabilities in medical and industrial devices used in hospitals, nuclear power plants, and factories. And often those devices receive just as little security scrutiny as this webcam.”
D-Link said it will be coming up with a patch soon, and that older D-Link models will need to be pulled from the Internet altogether or the owners of said devices will need to accept the risk..
If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com