As part of its ongoing commitment to evaluate information security and privacy when reviewing IoT devices (previously), Consumer Reports has published a scathing review of D-Link's home security camera.
D-Link's DCS-2630L was one of half a dozen cameras evaluated in a process that included consideration of privacy policies, network monitoring, vulnerability analysis -- 50 indicators in total.
Five of the cameras used encrypted transport to send their video to cloud servers; the D-Link stored the video locally and allowed you to stream it, but did not always encrypt these streams, and allowed access to the streams without a unique password.
None of the cameras tested had decent privacy policies that spelled out all the ways your footage would be used; this is particularly disturbing, given that they are meant to run in your home.
Testers at CR haven’t learned of any security breaches as a result of the D-Link problem. But most consumers may never realize they’re vulnerable, says Robert Richter, who leads security and privacy testing in CR’s labs. “It’s like a half-open door to hackers that should be closed,” he says.
In response to a Consumer Reports query, D-Link said that security would be tightened through updates this fall. Consumer Reports will evaluate those updates once they are available. The main security risk is triggered only if the owner decides to view the video through a web browser—you can use the camera more securely by sticking to D-Link's mobile app.
D-Link Camera Poses Data Security Risk, Consumer Reports Finds
[Jerry Beilinson/Consumer Reports]
(Image: Cryteria, CC-BY)