Bugs Discovered Leading to Backdoors in Sony White Box Cameras - How to, PC Security and Technology Forum | SensorsTechForum.com
Bugs Discovered Leading to Backdoors in Sony White Box Cameras

Brand new vulnerabilities have been revealed concerning the IP White Box cameras made by Sony. Two primary alerts concerning IP cameras have surfaced this week, suggesting that IoT security is beginning to become a widespread problem for both consumers and companies.

News broke from SEC Consult, whose research claims that a backdoor was discovered in several IP cameras made by Sony. These backdoors allow those attacking the devices to control them fully and use them either to attack other devices in their network or to spy directly via them. It may also allow altering of the image and disconnecting the camera via a cyber-attack, such as DDoS, for example. The price of those cameras ranges from $500 to thousands of dollars.

As soon as the issue was discovered, the company released a firmware update for those devices, specifically aimed at patching this issue.

Further analysis after SEC Consult discovered the exploits has resulted in the discovery of hard-coded credentials located in the firmware. One of those credentials was used to control user accounts and the other one was pointed towards direct administrative, god-mode type of access (root). The names of the two accounts were respectively:

  • primana
  • debug

After infection, it really comes down to the imagination of the attacker. One scenario is that the cameras could be used to access neighboring devices via the Telnet or SSH protocol, if software for cracking SSH is at the disposal of the cyber-criminals. This can result in taking control of key devices such as switches, multilayer switches and routers, as well as important APs, which can result in full control of an organization’s network.

Hackers Could Manipulate Cameras’ Image

One of the discovered accounts, named “primana”, also had administrative access to control the picture of the camera and to physically alter where the camera is pointing. Other privileges used by these cameras allow organizations to take advantage of the cameras’ heater, more importantly to activate and deactivate it.

Everyone who is using these cameras is strongly advised to update their firmware to the latest version released by Sony. In addition, to secure the devices it is also recommended to create a VLAN whitelist and to further secure firewalls as well.
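One way to check that a VLAN whitelist like the one recommended above is holding, and to catch the Telnet/SSH scenario described earlier, is to audit flow records for connections that cameras initiate. This is an added example, not code from SEC Consult, Sony or the original article; the subnet, the whitelist entries, the record format and the function name `audit_flows` are all assumptions, and the flow records are constructed.

```python
import ipaddress

# Assumed layout (hypothetical): cameras sit in their own VLAN subnet and may
# only reach the video recorder (NVR) and one NTP server.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED = {  # (destination IP, protocol, destination port)
    ("10.20.40.5", "tcp", 554),   # RTSP video to the NVR
    ("10.20.40.10", "udp", 123),  # NTP
}
REMOTE_SHELL_PORTS = {22: "ssh", 23: "telnet"}

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
10.20.30.11 10.20.40.5 tcp 554
10.20.30.11 10.20.40.10 udp 123
10.20.30.12 10.20.1.1 tcp 23
10.20.30.12 10.20.1.2 tcp 22
10.20.30.13 198.51.100.7 tcp 80
10.20.50.8 10.20.1.1 tcp 22
"""

def audit_flows(text):
    """Return (severity, src, dst, reason) for camera-initiated flows outside the whitelist."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip blank or malformed records
        src, dst, proto, dport = parts[0], parts[1], parts[2].lower(), int(parts[3])
        if ipaddress.ip_address(src) not in CAMERA_NET:
            continue  # only traffic originating in the camera VLAN is in scope
        if (dst, proto, dport) in ALLOWED:
            continue
        if proto == "tcp" and dport in REMOTE_SHELL_PORTS:
            # A camera has no reason to open a remote shell on another device.
            findings.append(("high", src, dst, f"camera opened {REMOTE_SHELL_PORTS[dport]}"))
        else:
            findings.append(("medium", src, dst, f"{proto}/{dport} not in whitelist"))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```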

Zero-Day Bugs Discovered as Well

Another alert concerning IP cameras notifies about two zero-day bugs, discovered by Cybereason.

One of those bugs has the ability to enable the sharing of information with the IoT device and to bypass any authentication present. This exploit can be performed to give a hacker access to important information, like passwords used to access the hacked device and other IoT devices connected to it. Password strength does not play any role in this, meaning that no matter how strong your password is, it can still be hacked via this zero-day bug.

This leads to the second bug that was discovered, which allows an external third party to somehow gain access to the login screen of the cameras, where the hacked passwords and credentials can be entered to gain access to the device.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years. He started out as a network administrator. Having also graduated in marketing, Ventsislav has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying value chain management and network administration, he found his passion in cybersecurity and is a strong believer in the basic education of every user towards online safety.