As part of its ongoing commitment to evaluate information security and privacy when reviewing IoT devices (previously), Consumer Reports has published a scathing review of D-Link's home security camera.
D-Link's DCS-2630L was one of half a dozen cameras evaluated in a process that included consideration of privacy policies, network monitoring, vulnerability analysis -- 50 indicators in total.
Five of the cameras used encrypted transport to send their video to cloud servers; the D-Link stored the video locally and allowed you to stream it, but did not always encrypt these streams, and allowed access to the streams without a unique password.
None of the cameras tested had decent privacy policies that spelled out all the ways your footage would be used; this is particularly disturbing, given that they are meant to run in your home.
Testers at CR haven’t learned of any security breaches as a result of the D-Link problem. But most consumers may never realize they’re vulnerable, says Robert Richter, who leads security and privacy testing in CR’s labs. “It’s like a half-open door to hackers that should be closed,” he says.
In response to a Consumer Reports query, D-Link said that security would be tightened through updates this fall. Consumer Reports will evaluate those updates once they are available. The main security risk is triggered only if the owner decides to view the video through a web browser—you can use the camera more securely by sticking to D-Link's mobile app.
D-Link Camera Poses Data Security Risk, Consumer Reports Finds
[Jerry Beilinson/Consumer Reports]
(Image: Cryteria, CC-BY)
Yes, irony is dead. The Washington Post reports that Presidential Daddy Daughter Ivanka Trump used a personal email account to receive and send emails about her work for the government of the United States.
Berlin-based security researcher Sébastien Kaul discovered that Voxox (formerly Telcentris) -- a giant, San Diego-based SMS gateway company -- had left millions of SMSes exposed on an Amazon cloud server, with an easily queried search front end that would allow attackers to watch as SMSes with one-time login codes streamed through the service.
Researchers at NYU and U Michigan have published a paper explaining how they used a pair of machine-learning systems to develop a "universal fingerprint" that can fool the lowest-security fingerprint sensors 76% of the time (it is less effective against higher-security sensors).
The key to learning any new language is feedback. When you’re immersed in conversation, it’s easy to pick up key phrases and pronunciation, but not all of us have the means to jet off to Spain, France or wherever we can learn to speak like a local. The next best thing: The Mondly app. Mondly […]
Got a gadget-minded geek on your holiday list this year? Don’t wait for Black Friday. The prices are already dropping on some quality tech toys, and we’ve got a roundup of some of our favorites. Force Flyers DIY Building Block Drone MSRP: $49.99 | Normally: $42.99 | Price Drop: $39.99 (20% Off) Compatible with everybody’s […]
Ever wondered what it takes to make the transition from amateur photography to a full career? If you answered “a better camera,” you’re half right. Before you get the equipment, get the know-how to use it with the Hollywood Art Institute Photography Course & Certification. Taught by experienced pros, this course is geared towards shutterbugs […]