Skip to main content

Blink's XT2 security camera can be hacked: What to do now

(Image credit: Blink)

At least one model of Blink security cameras has several serious security flaws that need to be fixed by a firmware update. 

The flaws could let hackers take complete control of the cameras and let them view camera footage, listen to live audio feeds or even use the cameras to attack other devices.

Researchers from security firm Tenable found seven different vulnerabilities in the Blink XT2, the most recent model from the home-security-camera company that was bought by Amazon two years ago.

Like many smart-home and Internet of Things (IoT) devices, the Blink XT2 can be hacked into if you get physical access, and also during the initial Wi-Fi setup process. As Tenable admits in its report, neither of these is "a major concern for everyday consumers" because the windows of opportunity for attackers are very small.

More seriously, you can also hack into the Blink XT2 after it's set up because it reaches out to web servers when checking for firmware updates and network information. The problem is that it accepts any kind of server response without verifying its source, leaving the device open to a "man in the middle" network-based attack. 

To make sure your Blink XT2 security camera is protected from these threats, make sure its firmware is updated to version 2.13.11. The firmware version should be indicated in the setting part of the Blink Home Monitor companion mobile app. 

If you're not sure about the firmware version, simply power-cycle the camera by removing and then replacing the batteries. The camera should reach out to Blink's servers for the latest firmware when it powers back on.