Eighty Sony IP camera models include debugging backdoor


Austrian security company SEC Consult has found a backdoor in the form of pre-programmed accounts in eighty Sony IP camera models. The Japanese company has now released a patch, which must be applied manually.

According to the security company, the backdoor is present in Sony’s Ipela Engine cameras, which are used by companies and governments. The backdoor made it possible for an attacker to run arbitrary code on the systems and thus penetrate further into the network to which the camera is connected. In addition, the vulnerability allows an attacker to disable the camera, send manipulated videos and images, and add the cameras to a botnet like Mirai, the company said in its advisory.

The backdoor consists of two accounts, with the user names ‘debug’ and ‘primana’. For example, by sending an HTTP request to a camera and authenticating with the primana account, it is possible to start telnet on the device. After that, an attacker who has cracked the root credentials present on the device could gain administrative access. The researchers write that, in addition to telnet, it is possible to log in via SSH. In their message, they state that Sony created the accounts deliberately for debugging purposes and that they do not come from a third party.
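For defenders, the sequence described above (an HTTP request authenticated as one of the two accounts, followed by telnet or SSH to the same camera) can be checked for in network logs. The following is an added example, not code from SEC Consult or Sony; it assumes HTTP Basic authentication, a 10-minute correlation window and a log layout constructed here, and all sample events are made up.

```python
import base64
from datetime import datetime, timedelta

BACKDOOR_USERS = {"debug", "primana"}  # account names given in the article
SHELL_PORTS = {22: "ssh", 23: "telnet"}
WINDOW = timedelta(minutes=10)         # assumed correlation window

def basic_auth_user(header):
    """Return the user name from an HTTP Basic Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error (malformed base64) is a ValueError subclass
        return None
    return decoded.partition(":")[0]

def find_alerts(http_events, flows):
    """Flag backdoor-account logins and note telnet/ssh flows to the same camera."""
    alerts = []
    for ts, src, cam, header in http_events:
        user = basic_auth_user(header)
        if user not in BACKDOOR_USERS:
            continue
        t0 = datetime.fromisoformat(ts)
        shells = sorted({SHELL_PORTS[port] for fts, _src, fdst, port in flows
                         if fdst == cam and port in SHELL_PORTS
                         and t0 <= datetime.fromisoformat(fts) <= t0 + WINDOW})
        alerts.append({"time": ts, "source": src, "camera": cam,
                       "user": user, "shell_followup": shells})
    return alerts

def _hdr(user):  # builds a constructed sample header; the password is a placeholder
    return "Basic " + base64.b64encode(f"{user}:PLACEHOLDER".encode()).decode()

# Constructed sample data (documentation-range addresses, not real traffic).
HTTP_EVENTS = [
    ("2016-12-06T10:00:00", "198.51.100.7", "192.0.2.20", _hdr("admin")),
    ("2016-12-06T10:02:00", "198.51.100.7", "192.0.2.20", _hdr("primana")),
    ("2016-12-06T11:00:00", "198.51.100.9", "192.0.2.21", _hdr("debug")),
    ("2016-12-06T11:05:00", "198.51.100.9", "192.0.2.21", "Basic not-base64!"),
]
FLOWS = [
    ("2016-12-06T10:03:30", "198.51.100.7", "192.0.2.20", 23),
    ("2016-12-06T12:30:00", "198.51.100.9", "192.0.2.21", 22),  # outside the window
]
if __name__ == "__main__":
    print(*find_alerts(HTTP_EVENTS, FLOWS), sep="\n")
```

Any hit on either account name is worth investigating on its own; the `shell_followup` field separates probes from logins that were followed by a remote shell session.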

Investigative journalist Brian Krebs confirms what the researchers themselves already write. According to him, the cameras are an excellent target for a botnet like Mirai, which consists largely of IoT devices such as IP cameras and digital video recorders. That this possibility exists is evident from the researchers’ finding that the backdoor has been present in the cameras for at least four years. An internet scan by Krebs indicates that about 4250 vulnerable Sony cameras can be found. According to the SEC Consult researchers, this may be only ‘the tip of the iceberg’, as they have used only a single search query so far.

According to SEC Consult’s timeline, Sony released a patch for the vulnerability in late November. It must be installed manually by users using the SNC Toolbox, which can be found on Sony’s site.

Vulnerable cameras, according to Sony
