Researchers found three broad types of vulnerabilities, one of which should be particularly concerning to consumers.

Dark Reading Staff, Dark Reading

December 11, 2019

1 Min Read

Amazon's popular Blink home security cameras come packed with more than most consumers bargain for, including a variety of attack vectors that could allow criminals to hijack cameras and Blink accounts.

Researchers at Tenable found three separate vectors of attack — one of limited practicality, one of interest primarily to researchers, and one that actually poses a risk to consumers. The first involves physical access to the device, in which case the Blink camera's design makes it very easy to connect to the device, provide hard-coded credentials, and control the device.

The second vulnerability would allow attackers to launch a man-in-the-middle attack based on the camera's request for software updates or network information. The third, and most serious, involves network parameters passed to the camera that are not properly "sanitized" before being executed.

Tenable recommends that all Blink camera users allow automatic updates so the devices are kept up to date on software patches. The researchers say that they will provide more details on how to find and recognize already compromised cameras in the near future.

For more, read here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Security 101: What Is a Man-in-the-Middle Attack?"

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights