Amazon’s Blink Smart Security Cameras Open to Hijack - Comment

It has been reported that Amazon’s Blink security cameras are open to hijack. The flaws could enable attackers without access to the devices to view camera footage, listen to audio output and hijack the device for use in a botnet, Tenable researchers disclosed on Tuesday. Amazon has been notified of the flaws and is rolling out patches. Overall, seven CVEs were disclosed in Blink. The most serious vulnerability is a command injection flaw stemming from the sync module update (CVE-2019-3984), which exists in Blink’s cloud communication endpoints for providing updates to devices or obtaining network information.

Commenting on this, Jonathan Knudsen, senior security strategist at Synopsys, said: “The Internet of Things (IoT) continues to be a fertile breeding ground for network vulnerabilities. IoT devices are a perfect storm in terms of cybersecurity, as manufacturers are typically trying to achieve maximum functionality with the absolute minimum time and investment.

One way to save money (in the short term!) and get products to market fast is to skimp on security, both in the product design phase as well as implementation and testing. Another way is to make heavy use of open source components, which can have their own vulnerabilities that get exposed in your product.

In the long term, of course, neglecting security during product development always ends in tears – or in this case, bad headlines. The long-term consequences of ignoring security will always outweigh the short-term gains. Savvy manufacturers use a Secure Development Life Cycle (SDLC) to minimise their risk when creating software products.”

 


Article Link: http://digitalforensicsmagazine.com/blogs/?p=2917