This wireless security camera has a serious hijacking flaw
Web-connected cameras can be great security and monitoring tools that can keep your home safe. With a smartphone or a computer, these cameras allow you to view their live feeds over the internet, essential for home security, surveillance or for keeping an eye on children or pets. Cybercriminals also love them, which is why you need to know how hackers can get into your home security cameras.
But as we approach the age of these Internet of Things hacks, what if these webcams, which are supposed to make you feel safe and secure, have security holes themselves? What if someone can turn these cameras against you, and in turn, invade your own privacy?
That’s precisely what a new report has revealed. One of these flawed cameras may even be in your home right now!
This wireless camera lacks proper security
Consumer Reports just published its findings about the state of security and privacy of six wireless home security cameras from Amazon, Arlo, Canary, D-Link and Nest (two models). Among all the security cameras it reviewed, one particular model stood out, mainly because of a big glaring security flaw.
Based on CR’s evaluation, the D-Link DCS-2630L camera can transmit unencrypted video feeds over the web. This means it can potentially grant unauthorized parties access to its footage.
How so? Well, unlike the other cameras that store their footage on their respective manufacturer’s secure and encrypted cloud servers, the D-Link DCS-2630L stores its footage locally on its own built-in web server.
See, there are two ways to access the D-Link DCS-2630L’s footage. First, users can access the video securely via D-Link’s official app called “mydlink Lite.” With this method, the video is actually encrypted while it’s being sent to D-Link’s cloud servers then back to the smartphone app for viewing.
However, the second method bypasses the app completely, as it allows you to access the camera’s footage directly through a web browser interface. The problem is that the camera’s local web server doesn’t encrypt the data, nor does it require a unique password for access.
This means that if you enabled this camera’s remote access feature and haven’t changed its default password, anyone who can find its public IP address can access its feed.
Thankfully, CR said that there is no evidence of security breaches on account of this particular D-Link camera weakness.
Wondering how hackers can get into your home security cameras? Poor passwords, for starters
This issue is actually a common problem with security cameras. Many people don’t realize that they also typically have web interfaces for remote access. The problem is that these usually ship with default credentials that are the same across all units.
Despite numerous warnings, most consumers and businesses still never bother changing their smart appliance or Internet-of-Things gadget’s default credentials after purchase.
If you have a connected camera, you must change the default administrator username and password. Actually, this goes for any smart appliance.
Do this by accessing the appliance’s hub (usually through a webpage or a smartphone app). If your smart appliance connects via the manufacturer’s website, make sure your password for their site is complex and unique.
Check for firmware updates regularly
In response to CR’s findings, D-Link told CR that the D-Link DCS-2630L camera will get security updates in the fall. Remember, the risk exists in cameras where the user enables remote access via a web browser. Maybe D-Link will disable this remote viewing feature permanently. Moving forward, it might route all traffic through its secure servers.
In fact, the company has already announced that it has released a web portal update to mitigate the issue.
D-Link is also planning on releasing the following firmware versions to resolve the remaining issues:
- Firmware version 1.05 – (mid-November) for Denial of Service, CSRF Protection, and Profiling
- Firmware version 1.06 – (late December) to strengthen Authentication and Password
How to update the DCS-2630L camera’s firmware
If you own this camera, keep your eye out for these firmware versions. It’s good practice to check for firmware updates regularly, anyway. Here’s how to update the DCS-2630L camera’s firmware:
- Go to D-Link’s official support page.
- Download and save the latest firmware version on your computer’s hard drive.
- Access the camera’s web interface via a web browser and navigate to the “Maintenance” tab >> “Firmware Upgrade.”
- Click the “Browse” button to locate the file.
- Click “Upload” to start the firmware upgrade process.
These repeated camera flaws and vulnerabilities reveal something huge. Our world is becoming increasingly connected. The smarter our homes become, the smarter we have to be about them.
Click here to read Consumer Reports’ full evaluation.