Brand new vulnerabilities have been revealed in the IP White Box cameras made by Sony. Two primary alerts concerning IP cameras came out this week, suggesting that IoT security is becoming a widespread problem for consumers and companies alike.
The news came from SEC Consult, whose research claims that a backdoor was discovered in several IP cameras made by Sony. These backdoors allow attackers to take full control of the devices and use them either to attack other devices on their network or to spy directly through them. They may also allow altering the image and disconnecting the camera via a cyber-attack such as DDoS. The price of those cameras ranges from $500 to thousands of dollars.
As soon as the issue was discovered, the company released a firmware update for those devices aimed specifically at patching it.
Further analysis following SEC Consult's discovery of the exploits revealed hard-coded credentials located in the firmware. One of those credentials was used to control user accounts, and the other gave direct administrative, god-mode type of access (root). The names of the two accounts were, respectively:
- primana
- debug
After an infection, what happens next really comes down to the imagination of the attacker. One scenario is that the cameras could be used to access neighboring devices via the Telnet or SSH protocol, if software for cracking SSH is at the disposal of the cyber-criminals. This can result in taking control of key devices such as switches, multilayer switches and routers, as well as important APs, which can lead to full control of an organization’s network.
Hackers Could Manipulate Cameras’ Image
One of the discovered accounts, named “primana”, also had administrative access to control the camera's picture and to physically alter where the camera is pointing. Other privileges used by these cameras allow organizations to make use of the cameras' heater, more importantly to activate and deactivate it.
Everyone who is using these cameras is strongly advised to update their firmware to the latest version from Sony. Furthermore, to secure the devices, it is also recommended to create a VLAN whitelist and to further secure firewalls.
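To make the VLAN whitelist recommendation checkable, the following added example (not from SEC Consult, Sony or the original article) audits flow records for camera traffic that leaves the whitelist, and rates Telnet or SSH from a camera highest because it matches the pivoting scenario described above. The subnet, allowed destinations, record format and sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed (constructed) plan: cameras sit in their own VLAN and may only
# reach the video recorder and an NTP server.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED = {  # (destination IP, protocol, destination port)
    ("10.20.40.5", "tcp", 554),   # recorder, RTSP
    ("10.20.40.9", "udp", 123),   # NTP
}
REMOTE_ADMIN_PORTS = {22: "SSH", 23: "Telnet"}

# Constructed flow records: "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.20.30.11 10.20.40.5 tcp 554
2024-01-01T10:00:02 10.20.30.11 10.20.40.9 udp 123
2024-01-01T10:03:17 10.20.30.12 10.20.1.1 tcp 23
2024-01-01T10:03:19 10.20.30.12 10.20.1.2 tcp 22
2024-01-01T10:04:00 10.20.50.7 10.20.1.1 tcp 22
2024-01-01T10:05:44 10.20.30.12 198.51.100.8 tcp 80
malformed line
"""

def audit_flows(text):
    """Return findings for camera-originated flows outside the whitelist."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed records
        ts, src, dst, proto, dport = parts
        try:
            src_ip = ipaddress.ip_address(src)
            port = int(dport)
        except ValueError:
            continue
        if src_ip not in CAMERA_NET:
            continue  # only camera-originated traffic is in scope
        if (dst, proto, port) in ALLOWED:
            continue
        # Telnet/SSH from a camera matches the lateral-movement scenario.
        if proto == "tcp" and port in REMOTE_ADMIN_PORTS:
            severity, reason = "high", REMOTE_ADMIN_PORTS[port] + " from camera"
        else:
            severity, reason = "medium", "destination not whitelisted"
        findings.append((severity, ts, src, dst, port, reason))
    return findings

if __name__ == "__main__":
    print(*audit_flows(SAMPLE_FLOWS), sep="\n")
```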
Zero-Day Bugs Discovered as Well
Another alert concerning IP cameras notifies about two zero-day bugs, discovered by Cybereason.
One of those bugs makes it possible to share information with the IoT device and to bypass any authentication present. This exploit can give a hacker access to important information, such as the passwords used to access the hacked device and other IoT devices connected to it. Password strength plays no role in this: no matter how strong your password is, it can still be hacked via this zero-day bug.
This leads to the second bug that was discovered, which allows an external third party to somehow gain access to the cameras' login screen, where the hacked passwords and credentials can be entered to gain access to the device.