Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Sony Privacy Security

Backdoor Accounts Found in 80 Sony IP Security Camera Models (pcworld.com) 55

Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price, PCWorld reports. From the article: One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday. The second hard-coded password is for the root account that could be used to take full control of the camera over Telnet. The researchers established that the password is static based on its cryptographic hash and, while they haven't actually cracked it, they believe it's only a matter of time until someone does. Sony released a patch to the affected camera models last week.
This discussion has been archived. No new comments can be posted.

Backdoor Accounts Found in 80 Sony IP Security Camera Models

Comments Filter:
  • by Anonymous Coward
    Could I log in through the backdoor account, hack the camera to display the same image continuously on a loop, and then waltz into the vault and load up my satchel with valuables? Count me in!
  • Lorex security cameras just as bad max password is 6 characters

  • by gQuigs ( 913879 ) on Wednesday December 07, 2016 @12:48PM (#53441107) Homepage

    I'd like to buy an IP camera, but I haven't been able to find any that are as open/secure/clearly* supported than a raspberry pi with a camera board (and motion software). I'd rather buy a complete solution than put it together myself though.

    Requirements:
    * Not require the cloud. (Happy if the feature exists as long as it has an off switch)
    * Have an OS that has a stated support period (of at least 3 years)
    * Sent a video feed to other device on my network.
    * 720p+
    * Ideal budge Less than $100

    Ideally it would have an Open Source OS that I can replace if I want, but does everything I need so I never want to...

    • by sims 2 ( 994794 )

      No idea but i'd like some of those too.

    • The first result in my Google search for "open ip camera firmware" looked pretty promising, so I'm guessing you have another requirement that none of those cameras meet? Using the open firmware DOES mean upgrading from the factory firmware, is that a major issue?

      > Sent a video feed to other device on my network.

      If your firewall or vlan restricts it to your local network only, how important is future firmware support? If it works today, with a standard/open protocol such as mpeg, and it's not connecte

      • by gQuigs ( 913879 )

        >Using the open firmware DOES mean upgrading from the factory firmware, is that a major issue?

        I did review openipcam.com before asking, but yes, I would prefer if the camera vendor was actually involved.

        >If your firewall or vlan restricts it to your local network only, how important is future firmware support? If it works today, with a standard/open protocol such as mpeg, and it's not connected to the internet, what future upgrades can be so important?

        Good point. In the simple case this would just me

    • by tlhIngan ( 30335 )

      I'd like to buy an IP camera, but I haven't been able to find any that are as open/secure/clearly* supported than a raspberry pi with a camera board (and motion software). I'd rather buy a complete solution than put it together myself though.

      Check out the UBNT UniFi cameras. They can work standalone, but work much better when you connect them to their DVR software (which runs on Java, so works on Linux, Windows, OS X ,etc). Better yet, all you use to view and configure it is... a web browser.

      So the camera

    • by guruevi ( 827432 )

      You're not going to find a 'good' IP camera sub-$100. Axis makes (or at least made a few years ago) some awesome devices running Linux, publishing sources etc. Some Netgear is good too although video quality is bad and getting sources is also horrendous. Other than that, I haven't seen anything 'good' recently unless you go old school analog and use a DVR.

    • by fisted ( 2295862 )

      1. put $camera on seaprate vlan
      2. don't route to/from it from the interwebs
      3. stop caring about OS support period
      4. ???
      5. video feeds!

      literally the only requirement is that it, as you say, does not *require* "the cloud". but i guess most cameras can operate more or less on their own. (?)

    • by antdude ( 79039 )

      Ditto. Also, wireless.

  • by adosch ( 1397357 ) on Wednesday December 07, 2016 @12:57PM (#53441169)

    So hard-coded credentials AND MF telnet? Seriously ladies and gentlemen, WTF is slapping the OS stack on these IoT devices? Was someone just that lazy with their firmware we couldn't take that out of busybox/toybox or heaven forbid strip that out of the development pipeline when you're cutting out the production firmware for mass use? I realize it's handy when you're developing it, but this is just lunacy anymore. I thought we all went over this as hardened, grey sys-admins now that telnet had died a long time ago in the 90's...

    I don't even think I want to get started about hard-coded credentials, and I'm not going to. All I can say now is: Thanks for making it unbelievably EASY for anyone putting yet another bot network to compromise more low hanging fruit. Even if it's not used in that, I'm sure all the Shodan [shodan.io] fans will love it.

    I'm just whine-ranting now, but is anyone has F blown away as me that shit like this STILL continues to happen?

  • Not just Sony (Score:3, Informative)

    by product_bucket ( 3503967 ) on Wednesday December 07, 2016 @01:00PM (#53441189)

    Lots of the big name security brands are running the same basic NetSurveillance WEB firmware underneath their skinned interface. I'm thinking particularly of the brand that makes flight data recorders... and cordless doorbells. I wonder if people would pay serious money for a IPTV network if they knew it's just a re-badged Mirai host.

    How do I know? They hit me 24/7, I'll be worried about the connectivity of the internet if they ever stop.

  • WTF does a company need with 80 models of cameras? Isn't 57 enough?
  • [quote]Sony released a patch to the affected camera models last week.[/quote]

    Don't buy it. As far as Sony was concerned, this was a "feature" they agreed to put in the camera to allow access by state actors. The feature only become a security bug once the public found out about the program.

  • by mr_mischief ( 456295 ) on Wednesday December 07, 2016 @01:31PM (#53441393) Journal

    So the company that put Windows rootkits on Redbook audio CDs puts backdoors in other products? Stunning!

    The company that sold the PSP 1000 to early adopters at $250+ per unit based on all the things it would be able to do with expansions, then released expansions that only worked with later models doesn't take their customers' needs seriously? Shocking!

    The company that advertised Linux on the PlayStation 3 then made it impossible to use Linux if you installed most of the newer PS/3 games stomps on their promises? Inconceivable!

    Or... oh, wait... no, that's not it. The surprising part is that anybody trusts these shady jerks at all.

  • Not cracked (Score:4, Interesting)

    by plover ( 150551 ) on Wednesday December 07, 2016 @02:18PM (#53441803) Homepage Journal

    So they have an MD5 hash, but don't know what value hashes to it. They have no idea if it's a 10 character '1234567890' password or a 64 character string of random bytes. They also know that it's not a string that Google has already found and cached. The only clue they have to go on is the existing backdoor they found that turns telnet on, which uses 11 random ASCII characters as the secret. But 11 characters are almost out of reach for brute force password testing. If the person who put the backdoor in applied only the same amount of thought to the secret password, that would still be a monster to attack with brute force.

    So I disagree that it's a matter of time. I think it's a matter of defeating it in another way, such as having Wireshark running when someone who actually knows the password types it in; or uncovering a wikileaked document that contains the secret backdoor password.

  • It never ceases to amaze me when I read about such exploitable devices only to find out that the exploitable service should not exist in any way shape or form on the device to begin with. Telnet? Telnet? It's like the people designing these things are all proud that they got Linux up and running on it on only their fifth try, and the watched then movie Hackers as a reference for configuring it.
  • I wish I could say "I'm shocked!", but I can't because I'm not.

  • Nobody who has at least a passing interest in security buys Sony products anymore, and everyone else very obviously doesn't care about security.

I haven't lost my mind -- it's backed up on tape somewhere.

Working...