Bugs Discovered Leading to Backdoors in Sony White Box Cameras - How to, Technology and PC Security Forum | SensorsTechForum.com

Brand new vulnerabilities have been revealed concerning the IP White Box cameras made by Sony. Two primary alerts concerning IP cameras have come out this week, suggesting that IoT security is becoming a widespread problem for both consumers and companies.

SEC Consult reported in its research that a backdoor was discovered in several IP cameras made by Sony. These backdoors allow attackers to take full control of the devices and use them either to attack other devices on their network or to spy directly through them. It may also allow altering the image and disconnecting the camera via a cyber-attack, like DDoS, for example. The price of those cameras ranges from $500 to thousands of dollars.

As soon as the issue was discovered, the company released a firmware update for those devices aimed specifically at patching this issue.

Further analysis after SEC Consult discovered the exploits resulted in the discovery of hard-coded credentials located in the firmware. One of those credentials was used to control user accounts and the other one provided direct administrative, god-mode type of access (root). The names of the two accounts were, respectively:

  • primana
  • debug

After a compromise, it really comes down to the imagination of the attacker. One scenario is that the cameras could be used to access neighboring devices via the Telnet protocol, or via the SSH protocol if software for cracking SSH is at the disposal of the cyber-criminals. This can result in taking control of key devices such as switches, multilayer switches and routers, as well as important APs, which can result in full control of an organization’s network.
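A defender checking an unpacked firmware image for hard-coded accounts like the two named above can scan its credential files for entries that carry a usable password. The following is an added example, not code from SEC Consult or Sony; the file paths and hash strings are constructed, and the passwd/shadow/htpasswd-style layout is an assumption.

```python
# Added example: audit credential files from an unpacked firmware image.
# Paths and hash strings below are constructed, not taken from real firmware.

WATCHLIST = {"primana", "debug"}  # account names reported in the article


def audit_line(line):
    """Return (account, reason) if a passwd/shadow/htpasswd-style line
    embeds a usable credential, otherwise None."""
    line = line.strip()
    if not line or line.startswith("#") or ":" not in line:
        return None
    fields = line.split(":")
    name, secret = fields[0], fields[1]
    if secret == "x":                  # passwd entry that defers to shadow
        return None
    if secret.startswith(("*", "!")):  # locked: no password can match
        return None
    if secret == "":
        return name, "empty password"
    return name, "embedded password hash"


def audit_files(files):
    """files maps a path inside the unpacked image to its text content."""
    findings = []
    for path, text in files.items():
        for line in text.splitlines():
            hit = audit_line(line)
            if hit:
                name, reason = hit
                findings.append({"path": path, "account": name,
                                 "reason": reason,
                                 "watchlisted": name in WATCHLIST})
    return findings


# Constructed sample standing in for files read from an unpacked image.
SAMPLE = {
    "etc/passwd": "root:x:0:0:root:/root:/bin/sh\ndaemon:*:1:1::/:/bin/false\n",
    "etc/shadow": "root:$1$CONSTRUCTED$notARealHash000000:17000:0:99999:7:::\n",
    "conf/.htpasswd": "primana:CONSTRUCTEDhash01\ndebug:CONSTRUCTEDhash02\n",
}

if __name__ == "__main__":
    for f in audit_files(SAMPLE):
        flag = "KNOWN" if f["watchlisted"] else "review"
        print(f'{flag:6} {f["path"]}: {f["account"]} ({f["reason"]})')
```

Any finding means the image ships with a password the device owner did not set; entries flagged as watchlisted match the account names from the report.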

Hackers Could Manipulate Cameras’ Image

One of the discovered accounts, named “primana”, also had administrative access to control the camera’s picture and to physically alter where the camera is pointing. Other privileges used by these cameras allow organizations to control the cameras’ heater, more importantly to activate and deactivate it.

Everyone who uses these cameras is strongly advised to update to the latest firmware from Sony. Furthermore, to secure the devices it is also recommended to create a VLAN whitelist and to further secure firewalls as well.

Zero-Day Bugs Discovered as Well

Another alert concerning IP cameras notifies about two zero-day bugs, discovered by Cybereason.

One of those bugs makes it possible to share information with the IoT device and to bypass any authentication present. This exploit can give a hacker access to important information, such as passwords used to access the hacked device and other IoT devices connected to it. Password strength does not play any role in this: no matter how strong your password is, it can still be hacked via this zero-day bug.

This leads to the second bug that was discovered, which allows an external third party to somehow gain access to the cameras’ login screen, where the hacked passwords and credentials can be entered to gain access to the device.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having also graduated in Marketing, Ventsislav has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
