Gjoko Krstic, a security researcher with Zero Science Labs, has discovered secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, Inc., one of the largest vendor of such products.
According to Krstic, the backdoor accounts "are never exposed to the end-user and cannot be changed through any normal operation of the camera."
There are several ways that FLIR customers can protect themselves. The easiest one is to prevent access to these cameras from the Internet by placing the devices behind a firewall until the vendor issues a patch.
FLIR is a well-known brand for security cameras. Its thermal cameras are nothing more than regular IP-based security cameras with the extra feature of being able to function in thermal mode during night time.
FLIR's thermal camera imaging capabilities have been recently used to film the "Walk On Water" music video by famous rock band 30 Seconds to Mars.
