News

D-Link Wi-Fi Webcam Turned into a Network Backdoor

Vectra Networks researchers today released an article demonstrating how they turned a $30 D-Link Wi-Fi webcam into a backdoor onto its owner’s network. Installing a device like a networked webcam may seem like a riskless action, but when the device can allow hackers to access the same network it becomes far more worrying.

Typically, attacks on Internet of Things devices are considered a waste of time due to their lack of valuable onboard data and lack of resources to manipulate. Vectra showed that should hackers focus on and be able to compromise a device’s flash ROM, they could replace the running code with their own tools such as those to create a backdoor. It doesn’t have to be a remote hack either, with the report stating “Once we have such a flash image, putting it in place could involve ‘updating’ an already deployed device or installing the backdoor onto the device somewhere in the delivery chain – i.e. before it is received and installed by the end customer.”

The first step of the attack on the webcam was to dump the flash memory from the device for analysis. It could then be determined that the ROM contains a u-boot and a Linux kernel and image with software used to update the firmware. With this, the steps used to verify firmware updates could be reverse engineered to allow it to accept a rogue update containing a Linux proxy service while also disabling the ability to reflash in future so the back door could not be removed. With all this in place, the hacker would be able to inject his own attacks into the rest of the network and use it as a pipeline to extract stolen data.

Such a compromise would be incredibly hard to detect by the user as long as the backdoor code did not interfere with the device’s normal operations. Even then, there would be no way for the device to be recovered and would instead have to be disposed of and replaced with a clean one. D-Link is yet to issue a patch for this vulnerability, but it is not expected they will, as a true fix would require specialist chips to verify updates or a Trusted Platform Module.

It is worrying that as we bring so many more tiny networked computers into our homes, they are far more of a risk than they seem. Vulnerabilities in even the smallest network device can compromise the security of an entire network and should not be overlooked.

Alexander Neil

Disqus Comments Loading...

Recent Posts

Still Wakes the Deep 

LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…

3 hours ago

PHILIPS 275V8LA – 27 Inch QHD Monitor

The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…

3 hours ago

EPOMAKER Ajazz AK820 Pro 75% Gasket-mounted Mechanical Keyboard 

【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…

3 hours ago

Funko Fusion

FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…

3 hours ago

Shin Megami Tensei V: Vengeance Standard Edition

The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…

3 hours ago

Hand Warmers Rechargeable 2 Pack

【Unique Split Design】5200mAh hand warmers rechargeable together with double-sided heating function, split snap swivel design,…

3 hours ago