Skip to main content

Tenable Research Finds New Vulnerabilities in Popular Blink Smart Security Cameras

Written by Customer Service on . Posted in Public Companies.

COLUMBIA, Md., Dec. 10, 2019 (GLOBE NEWSWIRE) — Tenable®, Inc., the Cyber Exposure company, today announced that its research team has discovered seven severe vulnerabilities in Amazon-owned Blink XT2 security camera systems. If exploited, the vulnerabilities could give attackers full control of an affected device, allowing them to remotely view camera footage, listen to audio output and hijack the device for use in a botnet to perform, for example, distributed denial of service (DDoS) attacks, steal data or send spam.
According to Strategy Analytics, over 50 million smart home cameras were sold in 2018. However, these devices are also a potential gateway for bad actors to gain access to personal information and home networks. If exploited, the flaws in Blink XT2 allow an attacker to obtain sensitive information about the owner’s account, enabling them to view stored photographs and videos, add or remove devices from the account or block camera communications entirely.“Connected devices, like Blink cameras, are everywhere. Precisely for that reason, cybercriminals are focused on compromising them,” said Renaud Deraison, co-founder and chief technology officer, Tenable. “Manufacturers of IoT devices have an opportunity and an obligation to ensure that effective security is baked into the overall design from the start and not bolted on as an afterthought. This is especially critical when the device in question is a security camera. We thank Amazon for collaborating with us in this disclosure to ensure patches were released in a timely manner. Tenable Research continues to identify and disclose vulnerabilities across enterprise and consumer technology to keep everyone more secure.”As the attack surface expands with the adoption of connected devices, including IoT and operational technology (OT), foundational cybersecurity is paramount. Tenable is leading the charge by building the largest vulnerability intelligence knowledge base in the industry and one of the largest security research teams, which has surpassed its 100th zero-day discovery in 2019. Its extensive vulnerability research and expertise spans beyond traditional IT and includes everything from critical infrastructure to enterprise applications. Tenable works alongside vendors and the entire security community to identify, disclose and patch vulnerable technology to keep organizations and their customers more secure.Amazon has released patches for the vulnerabilities and users are urged to confirm their device is updated to firmware version 2.13.11 or later.For more information, visit the Tenable Research Medium blog.About TenableTenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.Contact Information:
Cayla Baker
Tenable
tenablepr@tenable.com
443-545-2102, x 1544

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.