Support Announcements
Mydlink Mobile Application : 2020 Security Improvements

Overview

On February 25, 2020, a third-party security research team, Nightwatch Cyber-security Research, reported security weaknesses in the Android and iOS versions of the mydlink mobile application. These vulnerabilities were confirmed, and new releases were issued to close the issues.


3rd Party Report information

 

          - Report provided by: Nightwatch Cyber-security Research :: research _at_ nightwatchcybersecurity _dot_ com :: Disclosure Link

 
          - Reference :

 

                    Security Issue #1 - FLAG_SECURE not used :: FLAG_SECURE is the Android window flag that protects sensitive screens from being
                                                         captured by other applications or taken as screenshots and shown unprotected.

 

                                                   - The login screens in the MyDlink and MyDlinkLite applications were found to be affected by this attack.

 

                   Security Issue #2 - Lack of full-time use of HTTPS :: Some calls in the MyDlink app happen without SSL, which can
                                                        allow for injection. This was proven by using a man-in-the-middle testing proxy.

 

                                                   - The MyDlink and MyDlinkLite applications were found to be affected by this attack.
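
As an added illustration (not D-Link's code and not taken from the researchers' report), an Android login screen hardened against both issues could look like the following. LoginActivity, R.layout.activity_login and openApiConnection are hypothetical names chosen for this example.

```java
// Added example with assumed names; not the mydlink application's source.
import android.app.Activity;
import android.os.Bundle;
import android.view.WindowManager;

import java.io.IOException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;

public class LoginActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Issue #1: set FLAG_SECURE before the content view is attached, so the
        // login form is excluded from screenshots and from non-secure displays.
        getWindow().setFlags(
                WindowManager.LayoutParams.FLAG_SECURE,
                WindowManager.LayoutParams.FLAG_SECURE);
        setContentView(R.layout.activity_login); // hypothetical layout
    }

    // Issue #2: route every API call through one choke point that refuses
    // anything other than https, so a cleartext URL fails closed instead of
    // being sent where a network intermediary could read or alter it.
    // Declaring android:usesCleartextTraffic="false" on <application> in the
    // manifest (API 23+) adds a platform-level block as a second layer.
    static HttpsURLConnection openApiConnection(String url) throws IOException {
        URL parsed = new URL(url);
        if (!"https".equalsIgnoreCase(parsed.getProtocol())) {
            throw new IOException("Refusing cleartext request to " + parsed.getHost());
        }
        // For an https URL the platform returns an HttpsURLConnection.
        return (HttpsURLConnection) parsed.openConnection();
    }
}
```

FLAG_SECURE is an Android mechanism, so this sketch covers only the Android side of Issue #1.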

           

 Affected Models

 

Model | Supported Operating System | Affected FW | Fixed App | Recommendation | Last Updated
mydlink Mobile Application | iOS | v1.10.1 & Below | v1.11.0 | Update from App. Store | 03/12/2020
mydlink Mobile Application | Android | v1.10.1 & Below | v1.11.0 | Update from App. Store | 03/10/2020

  

Regarding Security patch for your D-Link Devices
 
These mobile application updates address the security vulnerabilities. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.
 
 
As there are different hardware revisions of our products, please check the revision on your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.