Update Amazon Blink Cameras To Fix Security Vulnerabilities

December 21, 2019

Written by wukovits

Do you have a home security system that incorporates Amazon’s Blink XT2 cameras?

If so, be advised that researchers at Tenable Security recently identified several serious security flaws that would allow an attacker to take control of the cameras remotely and use them to spy on you and your family.

The security issues are centered in the cameras’ Sync Module. It acts as a bridge between the camera itself and the cloud and allows users to divide their camera suite into discrete zones that cover different parts of the home. It also allows them to activate the cameras located in various zones at different times throughout the day and night.

Unfortunately, these vulnerabilities allow an attacker to selectively activate or deactivate cameras and view archived footage.

The researchers had this to say about the issue:

“When checking for updates, the device first obtains an update helper script (sm_update) from the web, and then immediately runs the content of this script with zero sanitation.  If an attacker is able to MitM this request (either directly or indirectly – through some sort of DNS poisoning or hijacking) they can modify the contents of this response to suit their own needs or desires.

The most obvious attack scenario for this flaw would be some sort of insider threat – babysitters, house or pet sitters, Airbnb guests, or anyone else with somewhat privileged access to your home.”

The good news is that Amazon has moved quickly to address the issue and has already issued a firmware update.  All you need to do at this point is check your Blink XT2 cameras to be sure they’re running firmware version 2.13.11 or later.

However, there’s a caveat. If your camera has already been compromised, it won’t automatically receive the firmware update. In that case, you’ll likely need to hire an expert to manually force the update.  Be sure to check the firmware version of your cameras as soon as possible.  You don’t want your security system to be used against you.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.