D-Link recently discovered that two of its code signing certificates were misappropriated. Upon discovery, we immediately decommissioned the certificates and investigated the issue. Like several other companies in Asia, D-Link was victimized by a highly active cyber espionage group which has been using PLEAD Malware to steal confidential information from companies and organizations based in East Asia, particularly in Taiwan, Japan, and Hong Kong. The two affected D-Link certificates were revoked, effective July 3rd, 2018. New certificates have been issued to resolve this problem.
Accreditation and Coordination
1. Anton Cherepanov, Senior Malware Researcher, ESET, llc.
2. Trend Micro Incorporated
The following certificates have been revoked:
1. sha1RSA certificate
‧ Issued by Symantec Class 3 SHA256 Code Signing CA
‧ Serial Number: 01 a5 86 a9 5b 44 60 9e 9f ae 25 f9 27 79 62 d6
‧ sha1 Thumbprint: 28 b7 4f b9 84 ee 71 e6 e4 04 dc c8 ce 0d c9 0d 77 43 bf a9
‧ Valid from June 22, 2018 08:00 AM PST (GMT -8:00) to September 21, 2018 07:59:59 AM PST (GMT -8:00)
2. sha1RSA certificate
‧ Issued by Symantec Class 3 SHA256 Code Signing CA
‧ Serial Number: 13 03 03 e4 57 0c 27 29 09 e2 65 dd b8 59 de ef
‧ sha1 Thumbprint: f0 f5 58 b8 1a f3 e9 83 a4 12 a0 f7 c8 0a c7 2a 1f ce 0c 0a
‧ Valid from September 30, 2016 8:00 AM PST (GMT -8:00) to October 01, 2019 07:59:59 AM PST (GMT -8:00)
Most D-Link customers will not be affected by this issue. However, if you have concerns, please check your mydlink mobile application, your local D-Link Support website, or http://www.mydlink.com.
Affected Products
| Model |
H/W |
Curent Ver. |
Scheduled New Ver. |
Fixed Firmware
|
Comment |
| DNR-202L |
Ax |
V2.04.03 |
V2.04.04 |
Released |
Completed: Issue Closed |
| DNR-312L |
Ax |
V1.07.09 |
V1.07.10 |
Released |
Completed: Issue Closed |
| DNR-322L |
Ax |
V2.4b03 |
V2.5b01 |
Released |
Completed: Issue Closed |
| DNR-322L |
Bx |
V3.01.04 |
V3.01.05 |
|
|
| DNR-326 |
Ax |
V2.6b01 |
V2.7b01 |
Released |
Completed: Issue Closed |
| DCS-935L |
A1 |
1.11 |
1.12 |
|
|
| DCS-960L |
A1 |
1.06 |
1.07 |
|
|
| DCS-6004L |
A2 |
1.03 |
1.04.31 |
Released |
Completed: Issue Closed |
| DCS-5009L |
Ax |
1.08 |
1.09 |
|
|
| DCS-5010L |
Ax |
1.14 |
1.15 |
Released |
Please Use mydlink mobile application for update |
| DCS-5020L |
Ax |
1.14 |
1.15 |
Released |
Please Use mydlink mobile application for update |
| DCS-5025L |
Ax |
1.03 |
1.04 |
Released |
Please Use mydlink mobile application for update |
| DCS-5029L |
Ax |
1.14b02 |
1.15b05 |
Released |
Please Use mydlink mobile application for update |
| DCS-5030L |
Ax |
1.04 |
1.05 |
Released |
Please Use mydlink mobile application for update |
| DCS-6045L |
Ax |
1.02 |
1.03 |
|
|
| DCS-930L |
Ax |
1.16 |
1.17 |
|
|
| DCS-930L |
Bx |
2.15 |
2.16 |
Released |
Please Use mydlink mobile application for update |
| DCS-931L |
Ax |
1.14 |
1.15 |
Released |
Please Use mydlink mobile application for update |
| DCS-932L |
Ax |
1.14 |
1.15 |
|
|
| DCS-932L |
Bx |
2.16 |
2.17 |
Released |
Please Use mydlink mobile application for update |
| DCS-933L |
Ax |
1.14 |
1.15 |
Released |
Please Use mydlink mobile application for update |
| DCS-934L |
Ax |
1.05 |
1.06 |
Released |
Please Use mydlink mobile application for update |
Recommendations:
1. New firmware for affected models are being developed and tested. The mydlink mobile application will notify you to update for registered cameras in the event of a new firmware release.
2. This issue will not affect the mydlink mobile applications. This certificate revocation affects viewing and configuring the camera from within a web-browser.
3. if you require the use of the web-browser, you can reconfigure your browser temporarily to ignore the revoked cert.
Please note regarding option 3: These settings should be treated as temporary. We recommend only reconfiguring
your system during the use of the camera through a web-browser, and then returned back to default for validating the certicate.
For Mac OSX:
Go System Preferences> Java> Advanced> Perform signed code certificate revocation checks on, select "Do not check (not recommended)"
For Windows:
Go Control Panel> All Control Panel Items>Java> Advanced> Perform signed code certificate revocation checks on, select "Do not check (not recommended)"
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. D-Link will continuously provide updates signed using our new digital certificates.