Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
DropCam Vulnerable To Hijacking
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/17/2014 | 12:04:26 PM
DropCam CEO and co-founder responds
Physical access is definitely the bottom line with this research, as the Synack guys said in the story. 

I just added comments from DropCam CEO and co-founder Greg Duff, who reiterates that as well. See updated section of the article. Thanks!
SgS125
SgS125,
User Rank: Ninja
7/16/2014 | 9:39:29 AM
Re: HA! That's a lot of bunk. GET YOUR FACTS STRAIGHT
Ok I give, what exactly is a "facebook hacker".

Long rant with little substance.

My original comment would have been, if I have physical access to any device it's game over, and the device can be mesed with.  Really is'nt that true for any device, even ATM machines, Doors, Cars?

Oh well I still really want to know what the heck a facebook hacker is.

 

 
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/16/2014 | 9:21:38 AM
UPDATE
I confirmed with DropCam last night that they have patched the Heartbleed client-side bug, and users get the updates automatically.
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 4:01:48 PM
Re: DropCam fixes in the works
Just got a message that I will be talking to DropCam this evening. =)

Sara, there have been no known attacks that the researchers know of. It would require the attacker to gain physical access to the device, of course.
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 3:59:32 PM
Re: DropCam fixes in the works
I have not yet spoken directly with DropCam. I've been trying. =) They indicated they would talk to me yesterday, but no word yet and I don't know how they've handled this with their customers. It depends if they've got a software update/patch ready, which was unclear to the researchers as of yesterday.
Sara Peters
Sara Peters,
User Rank: Author
7/15/2014 | 3:53:00 PM
Oh my
"The bottom line is that a targeted DropCam could be hijacked to steal information and to wage other attacks."  Is there anything that can't be hijacked anymore? 

Kelly have the researchers given any indication of how prevalent/likely this kind of attack is? Is it mainly theoretical at this point?
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/15/2014 | 3:48:07 PM
DropCam fixes in the works
I'm glad to read that they are working on fixes, but have they notified consumers of the probllem?
YewN926
YewN926,
User Rank: Apprentice
7/15/2014 | 3:31:59 PM
HA! That's a lot of bunk. GET YOUR FACTS STRAIGHT
It is a travesty to the world of technology that articles like this are posted, just when Dropcam gets some attention, you want to suck some of it for yourself. Well, go ahead and keep on sucking. And, how safe is your site, by the way, Facebook hackers out there be advised, DARKreading can be exposed to the light of day- Oh Yeah, but who really cares? No reason for DARKreading writers to come out of their safety closet....Their articles of fiction and name-dropping B (NOT C+) players are not a real market grabbing commodity, dream on, you, whoever you are I can't remember the author's name. I see your video java stuff is all messed up - could you be forgetting to test on a variety of browsers? Go back to grammar school..


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-26135
PUBLISHED: 2022-06-30
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 be...
CVE-2017-20122
PUBLISHED: 2022-06-30
A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(â€&tra...
CVE-2017-20123
PUBLISHED: 2022-06-30
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. ...
CVE-2017-20124
PUBLISHED: 2022-06-30
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...
CVE-2017-20125
PUBLISHED: 2022-06-30
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has bee...