Amazon, the world’s top e-commerce company, announced that it had issued a fix for security issues found in some of its Blink home camera systems, most notably the Blink XT2 camera system. Tenable Inc., a cybersecurity firm, found the flaws, which could allow hackers to hijack the devices.
Tenable said that it had found seven vulnerabilities in the system, which it considered severe. The defects would give hackers full control over the security systems, allowing them to review the camera footage from a remote location.
The worst flaw found was a command injection that stemmed from a sync module update. The vulnerability exists in the security system’s cloud communication endpoints that issue updates to devices or obtain network information.
Attackers could conceivably modify the content to fulfill their objectives.
Renaud Deraison, Tenable’s co-founder, said: “Connected devices, like Blink cameras, are everywhere. Precisely for that reason, cybercriminals are focused on compromising them. Manufacturers of IoT devices have an opportunity and an obligation to ensure that effective security is baked into the overall design from the start and not bolted on as an afterthought. This is especially critical when the device in question is a security camera.”
An Amazon representative commented, “Customers have received automatic security updates addressing these issues for impacted devices.”
The e-commerce giant issued patches and advised users to confirm that their devices are updated to firmware version 2.13.11 or later. Upgrading to the latest version offers optimal protection against potential threats. In most cases, updates are automatic, but consumers should ensure that updates are carried out.
James Sebree, an engineer at Tenable, noted that it could be challenging to detect devices that are already compromised. In this case, it would require technical expertise to inspect the home security systems for rogue functionality and verify the integrity of the firmware.
Amazon purchased Blink towards the end of 2017 for $90 million.