Update Amazon Blink Cameras To Fix Security Vulnerabilities - Olmec Skip to main content

Update Amazon Blink Cameras To Fix Security Vulnerabilities

By December 21, 2019May 9th, 2022Cybersecurity

Do you have a home security system that incorporates Amazon’s Blink XT2 cameras?

If so, be advised that researchers at Tenable Security recently identified several serious security flaws that would allow an attacker to take control of the cameras remotely and use them to spy on you and your family.

The security issues are centered in the cameras’ Sync Module. It acts as a bridge between the camera itself and the cloud and allows users to divide their camera suite into discrete zones that cover different parts of the home. It also allows them to activate the cameras located in various zones at different times throughout the day and night.

Unfortunately, these vulnerabilities allow an attacker to selectively activate or deactivate cameras and view archived footage.

The researchers had this to say about the issue:

“When checking for updates, the device first obtains an update helper script (sm_update) from the web, and then immediately runs the content of this script with zero sanitation.  If an attacker is able to MitM this request (either directly or indirectly – through some sort of DNS poisoning or hijacking) they can modify the contents of this response to suit their own needs or desires.

The most obvious attack scenario for this flaw would be some sort of insider threat – babysitters, house or pet sitters, Airbnb guests, or anyone else with somewhat privileged access to your home.”

The good news is that Amazon has moved quickly to address the issue and has already issued a firmware update.  All you need to do at this point is check your Blink XT2 cameras to be sure they’re running firmware version 2.13.11 or later.

However, there’s a caveat. If your camera has already been compromised, it won’t automatically receive the firmware update. In that case, you’ll likely need to hire an expert to manually force the update.  Be sure to check the firmware version of your cameras as soon as possible.  You don’t want your security system to be used against you.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.