in the D-Link cloud camera that enabled attackers to hijack and intercept the
camera and gain access to live video streams as well as recorded videos
by way of the unencrypted channel between the camera and the
cloud and between the cloud and the client-side viewer app.
the camera is established over a proxy server using a TCP tunnel, which is the
only place the traffic is encrypted. This flaw enables an attacker to carry
out a man-in-the-middle attack and intercept that connection with the
intent to spy on the victims’ video streams.
sensitive content, such as the camera's IP and MAC addresses, version information,
video and audio streams, and extensive camera information, passes through
the unencrypted tunnel.
source boa web server source code file called request.c, which handles
HTTP requests to the camera. In this case, all incoming
HTTP requests handled by this file are elevated to admin, enabling
the attacker to gain total access to the device.
needed since the HTTP requests to the camera’s web server are automatically
elevated to admin level when accessing it from a localhost IP (viewer app’s
localhost is tunneled to camera localhost).”
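
The trust decision described above, where a request from a localhost address is elevated to admin while the viewer app's localhost is tunneled to the camera's localhost, can be modelled next to a hardened check. This is an added example, not code from boa's request.c or from the camera firmware; the struct, the function names and the account values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

enum role { ROLE_NONE, ROLE_ADMIN };
/* Constructed model of a request as the camera's web server sees it. */
struct request {
    uint32_t peer_ip;   /* TCP peer address, host byte order */
    const char *user;   /* credentials sent with the request, NULL if none */
    const char *pass;
};

/* Constructed account; a real device would verify against a stored hash. */
static const char *ADMIN_USER = "admin";
static const char *ADMIN_PASS = "constructed-example-secret";

static bool is_loopback(uint32_t ip) { return (ip >> 24) == 127; }

/* Compare without stopping at the first mismatch, to avoid a timing oracle. */
static bool ct_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la; i++)
        diff |= (unsigned char)(a[i] ^ b[i % (lb + 1)]);
    return diff == 0;
}

static bool credentials_ok(const struct request *r) {
    if (r->user == NULL || r->pass == NULL) return false;
    bool user_ok = ct_equal(r->user, ADMIN_USER);
    bool pass_ok = ct_equal(r->pass, ADMIN_PASS);
    return user_ok && pass_ok;
}

/* Flawed pattern: a loopback peer is admin, so tunneled traffic is too. */
enum role authorize_by_source(const struct request *r) {
    if (is_loopback(r->peer_ip)) return ROLE_ADMIN;
    return credentials_ok(r) ? ROLE_ADMIN : ROLE_NONE;
}

/* Hardened: the peer address grants nothing; every request authenticates. */
enum role authorize_by_credentials(const struct request *r) {
    return credentials_ok(r) ? ROLE_ADMIN : ROLE_NONE;
}

int main(void) {   /* unauthenticated request arriving through the tunnel */
    struct request tunneled = { 0x7F000001u, NULL, NULL };
    return authorize_by_credentials(&tunneled) == ROLE_NONE ? 0 : 1;
}
```
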
more, this weakness lets hackers replace the legitimate firmware with their
own rigged or backdoored variant.
who sits in the middle of the network traffic between the viewer application and the
cloud, or between the cloud and the camera, can use the data stream of the TCP
connection on the server to see the HTTP requests for the video and audio packets,
and can then respond to and reconstruct these captured packets
Breach of Security and Privacy