One of D-Link’s most popular cameras amongst consumers, the DCS-2132L, is found to have multiple vulnerabilities that open the door for different attack methods. Man-in-the-Middle attacks are one of the more serious efforts that attackers could take advantage of when it comes to these cameras. If performed correctly, attackers could view recorded videos with minimal effort. Through research, it was discovered that videos that were previously recorded or were currently being streamed were being sent to the cloud unencrypted and from there they are then sent to the client-side viewer app. The app and the camera transfer data through port 2048 on a proxy server and only a small amount of the traffic is encrypted, so if the communication is breached important information such as MAC addresses, camera IP, version information, as well as audio and video streams from the device can be obtained. A separate issue found in the browser plug-in “mydlink services” could be detrimental to the stability of the device as well. This vulnerability could allow unauthorized access to the camera’s web interface through any application or on the client’s computer. The legitimate firmware could also be replaced with a faulty backdoor version. After being reported yesterday, some of the vulnerabilities have been dealt with but D-Link still has work to do.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in