D-Link is working to fix a weakness that allows attackers to take over remote control of one of its cameras so they can eavesdrop, and the company is checking whether others of its products have similar vulnerabilities.
The vulnerability allows for the injection of malicious code and forces a password reset, which means attackers can gain remote access to the camera’s feed, thereby enabling eavesdropping, according to Senrio, a startup that monitors devices, scores how vulnerable they are and alerts when it detects suspicious behavior.
It also means that regardless of how strong a password users set up, it can be overridden.
The camera – D-Link DCS-930L Network Cloud Camera – might not be the only device affected by the vulnerability, a spokesperson for Senrio says. “Senrio has also agreed to evaluate a number of additional D-link products to assess if the vulnerability can be found in the firmware in those items,” the spokesperson said in an email.