Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
DropCam Vulnerable To Hijacking
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
100%
0%
Kelly Jackson Higgins,
User Rank: Strategist
7/17/2014 | 12:04:26 PM
DropCam CEO and co-founder responds
Physical access is definitely the bottom line with this research, as the Synack guys said in the story. 

I just added comments from DropCam CEO and co-founder Greg Duff, who reiterates that as well. See updated section of the article. Thanks!
SgS125
100%
0%
SgS125,
User Rank: Ninja
7/16/2014 | 9:39:29 AM
Re: HA! That's a lot of bunk. GET YOUR FACTS STRAIGHT
Ok I give, what exactly is a "facebook hacker".

Long rant with little substance.

My original comment would have been, if I have physical access to any device it's game over, and the device can be mesed with.  Really is'nt that true for any device, even ATM machines, Doors, Cars?

Oh well I still really want to know what the heck a facebook hacker is.

 

 
Kelly Jackson Higgins
100%
0%
Kelly Jackson Higgins,
User Rank: Strategist
7/16/2014 | 9:21:38 AM
UPDATE
I confirmed with DropCam last night that they have patched the Heartbleed client-side bug, and users get the updates automatically.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 4:01:48 PM
Re: DropCam fixes in the works
Just got a message that I will be talking to DropCam this evening. =)

Sara, there have been no known attacks that the researchers know of. It would require the attacker to gain physical access to the device, of course.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 3:59:32 PM
Re: DropCam fixes in the works
I have not yet spoken directly with DropCam. I've been trying. =) They indicated they would talk to me yesterday, but no word yet and I don't know how they've handled this with their customers. It depends if they've got a software update/patch ready, which was unclear to the researchers as of yesterday.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
7/15/2014 | 3:53:00 PM
Oh my
"The bottom line is that a targeted DropCam could be hijacked to steal information and to wage other attacks."  Is there anything that can't be hijacked anymore? 

Kelly have the researchers given any indication of how prevalent/likely this kind of attack is? Is it mainly theoretical at this point?
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/15/2014 | 3:48:07 PM
DropCam fixes in the works
I'm glad to read that they are working on fixes, but have they notified consumers of the probllem?
YewN926
0%
100%
YewN926,
User Rank: Apprentice
7/15/2014 | 3:31:59 PM
HA! That's a lot of bunk. GET YOUR FACTS STRAIGHT
It is a travesty to the world of technology that articles like this are posted, just when Dropcam gets some attention, you want to suck some of it for yourself. Well, go ahead and keep on sucking. And, how safe is your site, by the way, Facebook hackers out there be advised, DARKreading can be exposed to the light of day- Oh Yeah, but who really cares? No reason for DARKreading writers to come out of their safety closet....Their articles of fiction and name-dropping B (NOT C+) players are not a real market grabbing commodity, dream on, you, whoever you are I can't remember the author's name. I see your video java stuff is all messed up - could you be forgetting to test on a variety of browsers? Go back to grammar school..


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525
PUBLISHED: 2021-01-22
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.