Who is watching whom with that D-Link security camera?
Security cameras for babies should help parents to relax by giving them an extra eye onto their little one’s activities. But unencrypted video streams and security issues to Man-in-the-Middle attacks in a popular D-Link camera are enough to keep a parent up at night.
What are WiFi security cameras and their typical problems
WiFi security cameras are usually defined as CCTV cameras that streams their video and audio coverage over an internet connection, enabling users to monitor a location from afar. They have been one of the most popular types of IoT devices to hit the market so far. Baby monitors such as D-Link HD Wi-Fi Baby Camera DCS 855L can have additional functionality beyond just the video to include measuring sound and temperature.
Common security issues for these smart security cameras and baby monitors are hard-coded or weak default passwords. These problems, combined with poor security practices during the device setup, have led to them being hacked or taken over by botnets to launch massive DDoS attacks.
Taking a deep look at a D-Link baby camera
The IoT Research Lab at Avira recently looked at the D-Link HD Wi-Fi Baby Camera DCS 855L and assessed the device and its network communication from a security perspective.
We found two significant issues:
- Weak authentication mechanism for the device set up. An attacker acting as a man-in-the-middle (MITM) agent can get access to the device credentials and subsequently control the device.
- Unencrypted video and audio streaming. An intruder can easily capture the audio and video streams from the device and spy on whatever the monitored children are doing.