There are back doors that can be abused by third parties in 80 models of Sony network cameras

An Austrian security company discovered that there is a back door in Sony's network camera that is often used for business purposes. When used by an attacker, arbitrary code can be executed with the camera, and if a footprint is made in the network, the function of the camera can be abused or the camera may be abused as part of the botnet .

SEC Consult: Backdoor in Sony IPELA Engine IP Cameras

JVNVU # 96435227: Vulnerability to multiple network camera products made by Sony

Researchers Find Fresh Fodder for IoT Attack Cannons - Krebs on Security

What has been pointed out is "IPELA engine IP camera", There are 80 kinds of applicable models.

According to Austrian security company · SEC Consult, it was possible to "hijack" the camera by utilizing the hidden account "primana" "debug" set in this camera. It gives confusion to the camera function, transmits captured images / movies,Botnet like MiraiThere is a possibility that it can be used also for the purpose of watching someone else besides misuse such as being added arbitrarily to you.

According to SCE Consult's Johannes Grihl, this hidden account is "a tip of the iceberg" and there is a possibility that other hidden functions may be loaded. The backdoor seems to have evidence that it was being used for four years at the latest, as someone discovered it in 2012 and the password is cracked.

In response to this vulnerability, Sony has released firmware that has taken countermeasures. If you are using Sony's network camera, please make sure that you are not using the model and update the firmware if applicable.

Important Notice on Products | Network Camera / Security & Surveillance System | Corporate Customers | Sony

By the way, a security companyCybereasonPointed out that many network cameras with no brands that are not made by Sony are incorporated in a part of the botnet.

Each camera is assigned a unique ID, it is written only on the bottom of the main body, so it should not be confirmed unless it is physically accessed, but the beginning part of the ID is 13 characters such as "MEYE" and "MCI" After being fixed in the column, the password is "888888" and the security is in the state of monkey. When installed in a network that is not protected by a firewall, it will be easily accessed via the net, and even if it is installed in the firewall, it will be abused by going through the cloud access function, so Cybereason's Lior Div warns us, "If you are using this camera, you should throw it out now."

Yoav Orot of Cybereason says "IoT's research is called" junk hacking "and there is a tendency to see it below, but if you want to prevent a botnet like Mirai in the future, that idea I am wrong. "

in Hardware,   Security, Posted by logc_nt