Threat actors could gain complete control of the Amazon-owned security cameras to obtain personal information and launch further attacks
Tenable has announced that its research team has discovered seven severe vulnerabilities in Amazon-owned Blink XT2 security camera systems.
If exploited, the vulnerabilities could give attackers full control of an affected device, allowing them to remotely view camera footage, listen to audio output and hijack the device for use in a botnet to perform, for example, distributed denial of service (DDoS) attacks, steal data or send spam.
If exploited, the flaws in Blink XT2 allow an attacker to obtain sensitive information about the owner’s account, enabling them to view stored photographs and videos, add or remove devices from the account or block camera communications entirely.
“Connected devices, like Blink cameras, are everywhere. Precisely for that reason, cybercriminals are focused on compromising them,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “Manufacturers of IoT devices have an opportunity and an obligation to ensure that effective security is baked into the overall design from the start and not bolted on as an afterthought. This is especially critical when the device in question is a security camera. We thank Amazon for collaborating with us in this disclosure to ensure patches were released in a timely manner. “
Amazon has released patches for the vulnerabilities and users are urged to confirm their device is updated to firmware version 2.13.11 or later.
As the attack surface expands with the adoption of connected devices, including IoT and operational technology (OT), foundational cybersecurity is paramount.
Tenable is leading the charge by building the largest vulnerability intelligence knowledge base in the industry and one of the largest security research teams, which has surpassed its 100th zero-day discovery in 2019. Its extensive vulnerability research and expertise spans beyond traditional IT and includes everything from critical infrastructure to enterprise applications.
Tenable works alongside vendors and the entire security community to identify, disclose and patch vulnerable technology to keep organizations and their customers more secure.