Surveillance Camera Flaws Let Hackers Snoop Too

Firmware flaws in a range of IP cameras have opened the way for hackers to spy on surveillance footage, researchers have warned.

A number of models made by D-Link, including surveillance cameras like the DCS-3410, as well as a number of consumer devices, are affected by a host of flaws uncovered by researchers, US firm Core Security said.

D-Link’s technology is used by organisations from all kinds of high-profile industries, including banking and health, so such flaws could expose highly sensitive footage.

Surveillance camera flaws

Amongst the five vulnerabilities uncovered is one that could allow a hacker to access the camera’s video stream via HTTP, affecting a range of consumer devices. Another could let an attacker access the video stream via RTSP (Real Time Streaming Protocol), and that affects all devices listed by Core in its advisory.

One of the other vulnerabilities could let hackers play around with cameras, sending arbitrary commands from the admin web interface.

One of the more bizarre hacks shown in a Core proof of concept could let the attackers look at the ASCII output showing the “luminance” of a camera’s footage. Below is an image of a coffee pot video stream as seen in the ASCII output, and below it is the real image:

D-Link was informed of the flaws on 19 March, promising patches will be ready imminently. It had not responded to a request for comment at the time of publication.

Core also found flaws in Vivotek IP cameras, which also opened up access to the video stream via RTSP, but not over HTTP.

The security firm tried to contact Vivotek about the flaws in early March, but has not yet received a response.

Vivotek had not responded to a request for comment at the time of publication.


D-Link provided TechWeek with the following statement on 1 May: “Security is of the utmost importance to D-Link across all product lines, including surveillance, networking, storage, and entertainment solutions. After being alerted to the vulnerabilities by CORE Security, D-Link worked quickly and diligently to create patches for the affected cameras. The beta firmware patches are available now and can be found at A full release of the  firmware will be available in approximately 30 days at”

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Google Fiber Plans US Network Expansion – Report

Google Fiber resurfaces. Network to be expanded to offer speedy internet connectivity to cities in…

4 hours ago

Samsung Unveils Two New Folding Smartphones

Foldable updates from Samsung. include new versions of its pocket sized square (Galaxy Z Flip…

4 hours ago

Facebook At Centre Of US Teenager Home Abortion Case

Court documents show Facebook provided police in the US state of Nebraska with a teenager's…

8 hours ago

President Biden Signs $53 Billion US Chips Act

President Joe Biden signs landmark bill to encourage chip makers to build more semiconductor manufacturing…

9 hours ago

WhatsApp Update To Allow Users To Leave Groups Silently

Privacy changes to WhatsApp. No more blanket notifications to a group if a user decides…

10 hours ago