- Jul 22, 2014
- 2,525
Hackers could use them to spy on you or launch other attacks
Security researchers have discovered that a number of 80 Sony IP camera models come with backdoors that could be used by attackers to spy on users or launch further attacks.
SEC Consult says that it reached out to Sony to report the issue in October and the company already released new firmware updates that patch the vulnerability. The researchers, however, believe that Sony added the backdoors on purpose “maybe as a way to debug the device during development or factory functional testing,” and the backdoors are not the result of an infection.
They, however, state that they discovered two different vulnerabilities, one of which affects the web interface which allows an attacker to connect to a camera with a Telnet service.
The second flaw makes it possible to compromise the root account, which means that an attacker to carries out a successful exploit would gain full control over a camera and can spy on users, disrupt functionality, add the device to a Mirai botnet, or send different photos and videos.
Hackers could break in from the intranet or Internet
The IP cameras that come with these backdoors are primarily aimed at businesses, and Sony urges everyone to deploy the new firmware updates to remain secure.
“SEC Consult recommends Sony and Sony customers to conduct a thorough security review of the affected products. It is essential to restrict access to IP cameras using VLANs, firewalls etc. Otherwise the risk of being a botnet victim (e.g. Mirai) is high,” the security report states.
more in the link above.
Security researchers have discovered that a number of 80 Sony IP camera models come with backdoors that could be used by attackers to spy on users or launch further attacks.
SEC Consult says that it reached out to Sony to report the issue in October and the company already released new firmware updates that patch the vulnerability. The researchers, however, believe that Sony added the backdoors on purpose “maybe as a way to debug the device during development or factory functional testing,” and the backdoors are not the result of an infection.
They, however, state that they discovered two different vulnerabilities, one of which affects the web interface which allows an attacker to connect to a camera with a Telnet service.
The second flaw makes it possible to compromise the root account, which means that an attacker to carries out a successful exploit would gain full control over a camera and can spy on users, disrupt functionality, add the device to a Mirai botnet, or send different photos and videos.
Hackers could break in from the intranet or Internet
The IP cameras that come with these backdoors are primarily aimed at businesses, and Sony urges everyone to deploy the new firmware updates to remain secure.
“SEC Consult recommends Sony and Sony customers to conduct a thorough security review of the affected products. It is essential to restrict access to IP cameras using VLANs, firewalls etc. Otherwise the risk of being a botnet victim (e.g. Mirai) is high,” the security report states.
more in the link above.