Three vulnerabilities were found in the Blink XT2 model of home security cameras, although only one seems to be an issue for customers. To take advantage of the first vulnerability, attackers must have physical access to the camera and provide hard-coded credentials that would provide them control. For the customer-facing issue, attackers have the potential to carry out man-in-the-middle attacks if the camera asks for software updates or network information. The third and final flaw that was discovered is associated with improperly sanitized network parameters passed to the camera. Researchers at Blink state that more information pertaining to the vulnerabilities will be released soon but for the time being they should make sure the firmware is updated to version 2.13.11 or later.
Analyst Notes
“Internet of Things” (IoT) devices connected to a home network should be continuously monitored in order to reduce the risk of vulnerabilities being exploited. Many IoT devices cannot be completely secured—for those devices, a better security strategy is to isolate the vulnerable devices on their own wireless network, tightly control access to that network with strict firewall rules, and treat the IoT network as untrusted to keep attackers from using an exploit of an IoT device to gain access into the full network. All IoT devices should also always be updated as soon as the latest versions become available. More information can be found here: https://cyware.com/news/vulnerabilities-spotted-in-blink-home-security-cameras-16383da0
