Smart home security cameras are supposed to allow you to keep an eye on your home while you’re away so strangers don’t invite themselves in. But what if those strangers can see what your camera sees? That is possible due to a security flaw in a camera from D-Link, Consumer Reports found.
The D-Link DCS-2630L was one of six home security cameras the publication tested. When it came to the data security and privacy section of the review, the D-Link device came up woefully short. The internet-connected camera can transmit unencrypted video footage across the web. The lack of proper encryption opens up the possibility that a stranger may intercept the transmissions and access the video content.
Consumer Reports said that that it hadn’t discovered any evidence of security breaches with the D-Link cameras that would suggest footage has been hijacked or viewed by a third party, but the fact that the issue exists is a black mark on the device. D-Link has promised to improve its security protocols and fix the issue that would potentially allow a hacker to see what is happening inside a house with a D-Link DCS-2630L.
Part of the issue is the D-Link camera doesn’t by default store footage on its own encrypted servers. Instead, the camera has its own onboard web server that can deliver video to you either via the Mydlink Lite app or by directly accessing the web server. While the Mydlink Lite app is encrypted and sends the video to the company’s servers and then to the user’s phone, the ability to directly access the footage from the web server is where the security shortcomings exist.
The web server doesn’t encrypt data from the camera and doesn’t require a password to access it. The web server could theoretically be discovered by anyone who finds the camera’s IP address.
In a support announcement published by D-Link, the company said it has already released a web portal update to eliminate the risk of “account enumeration.” The company has two firmware updates planned — one for mid-November and another for late December — that will address issues related with the security flaws.