Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Amazon's Top Selling Product, D-Link Wifi Camera is Hackable!

A major vulnerability has been found by security researchers of Senrio (An IOT Security Startup) in Wifi Cameras of D-Link. According to the researchers, hackers could reset the password of D-Link Wifi Camera by exploiting this vulnerability. After resetting the password, hackers could completely control the video feed of the camera. D-Link Wifi camera is one from the highest selling products of Amazon. Now you can guess, there could be a number of potential victims. This vulnerability has been reported by Senrio’s security researchers and now they are working with D-Link to fix this security flaw.

 

What is the vulnerability?

D-Link is using many services in the Wifi camera, to execute remote commands.  There is a stack overflow vulnerability in one of these services. The vulnerable service is overwriting the return address of function by copying the data from an incoming string to stack buffer. Hackers could easily exploit this vulnerability by using a single command. The command should contain a custom assembly code only. According to the researchers D-Link’s DCS-930L cameras are highly vulnerable. These cameras are in high demand and people are using these cameras for home security.

 

This vulnerability allows a code injection by copying the assembly code to an executable address. Hackers could remotely reset the password by executing a special command. Expect a special custom coded command, nothing is required to a hacker to exploit the vulnerability. The camera should be connected to internet. Doesn’t matter it is a local area network connection or a personal area network connection.

 

Also read: Facebook Messenger have a Backdoor Vulnerability! Conversations are not safe!

Dlink Wifi camera was already in the news because there were a number of vulnerabilities, which were discovered by security researchers before this new stack overflow vulnerability. An unrestricted file uploading vulnerability was found by researchers last year in same DCS-930L camera. A backdoor vulnerability was also discovered by the researchers in January of this year.

 

How it will effect Victims?

  • By hacking these IP based cameras, hackers could control victim’s video feed. They could edit and remove the video logs and recording.
  • Hackers could make an entry into victim’s network and if they will found any other vulnerability, victim may face a huge loss.
  • Hackers could disable the cameras and victim should face a physical theft too. 

 

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.