News

D-Link Wi-Fi Webcam Turned into a Network Backdoor

Vectra Networks researchers today released an article demonstrating how they turned a $30 D-Link Wi-Fi webcam into a backdoor onto its owner’s network. Installing a device like a networked webcam may seem like a riskless action, but when the device can allow hackers to access the same network it becomes far more worrying.

Typically, attacks on Internet of Things devices are considered a waste of time due to their lack of valuable onboard data and lack of resources to manipulate. Vectra showed that should hackers focus on and be able to compromise a device’s flash ROM, they could replace the running code with their own tools such as those to create a backdoor. It doesn’t have to be a remote hack either, with the report stating “Once we have such a flash image, putting it in place could involve ‘updating’ an already deployed device or installing the backdoor onto the device somewhere in the delivery chain – i.e. before it is received and installed by the end customer.”

The first step of the attack on the webcam was to dump the flash memory from the device for analysis. It could then be determined that the ROM contains a u-boot and a Linux kernel and image with software used to update the firmware. With this, the steps used to verify firmware updates could be reverse engineered to allow it to accept a rogue update containing a Linux proxy service while also disabling the ability to reflash in future so the back door could not be removed. With all this in place, the hacker would be able to inject his own attacks into the rest of the network and use it as a pipeline to extract stolen data.

Such a compromise would be incredibly hard to detect by the user as long as the backdoor code did not interfere with the device’s normal operations. Even then, there would be no way for the device to be recovered and would instead have to be disposed of and replaced with a clean one. D-Link is yet to issue a patch for this vulnerability, but it is not expected they will, as a true fix would require specialist chips to verify updates or a Trusted Platform Module.

It is worrying that as we bring so many more tiny networked computers into our homes, they are far more of a risk than they seem. Vulnerabilities in even the smallest network device can compromise the security of an entire network and should not be overlooked.

Alexander Neil

Disqus Comments Loading...

Recent Posts

RGB Gaming Mouse Mat Pad

【RGB LED Backlit】The rgb mouse mat has a true RGB backlit effect,there are 10 lighting…

15 hours ago

The Elder Scrolls: The Official Cookbook

Feast on all of the delicious offerings found in the world of Skyrim in this…

15 hours ago

Gigabyte GeForce RTX 4070 WINDFORCE OC 12GB Graphics Card

Supported Technologies: Supporting Nvidia DLSS 3, DLSS 2, ultra-efficient Ada Lovelace arch, full ray tracing,…

15 hours ago

MSI GeForce RTX 4070 GAMING X SLIM WHITE 12G Graphics Card

4.71138E+12 Item Weight: 1.5 kg Model Number: V513-274R Was £599.99 Now £534.98 Keep up with…

16 hours ago

Intel® Core™ i5-13400F Desktop Processor 10 cores

Intel’s new performance hybrid architecture integrates two core families into a single CPU, keeping everything in…

16 hours ago

AMD Ryzen 7 5800X Processor

CPU-core: 8, # of Threads: 16, Base clock: 3.8 GHz, maximal Boost Clock: up to…

16 hours ago