Amazon's popular Blink home security cameras come packed with more than most consumers bargain for, including a variety of attack vectors that could allow criminals to hijack cameras and Blink accounts.
Researchers at Tenable found three separate vectors of attack — one of limited practicality, one of interest primarily to researchers, and one that actually poses a risk to consumers. The first involves physical access to the device, in which case the Blink camera's design makes it very easy to connect to the device, provide hard-coded credentials, and control the device.
The second vulnerability would allow attackers to launch a man-in-the-middle attack based on the camera's request for software updates or network information. The third, and most serious, involves network parameters passed to the camera that are not properly "sanitized" before being executed.
Tenable recommends that all Blink camera users allow automatic updates so the devices are kept up to date on software patches. The researchers say that they will provide more details on how to find and recognize already compromised cameras in the near future.
For more, read here.