Slashdot Mirror

← Back to Stories (view on slashdot.org)

Backdoor Accounts Found in 80 Sony IP Security Camera Models (pcworld.com)

Posted by msmash on from the security-woes dept.

Many network security cameras made by Sony could be taken over by hackers and infected with botnet malware if their firmware is not updated to the latest version. Researchers from SEC Consult have found two backdoor accounts that exist in 80 models of professional Sony security cameras, mainly used by companies and government agencies given their high price, PCWorld reports. From the article: One set of hard-coded credentials is in the Web interface and allows a remote attacker to send requests that would enable the Telnet service on the camera, the SEC Consult researchers said in an advisory Tuesday. The second hard-coded password is for the root account that could be used to take full control of the camera over Telnet. The researchers established that the password is static based on its cryptographic hash and, while they haven't actually cracked it, they believe it's only a matter of time until someone does. Sony released a patch to the affected camera models last week.

3 of 55 comments (clear)

  1. Re:Of course by Calydor · · Score: 3, Insightful

    Whether or not you personally use Sony products does not prohibit someone else from taking your ISP offline with a botnet of Sony products.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  2. What camera to buy? by gQuigs · · Score: 3, Insightful

    I'd like to buy an IP camera, but I haven't been able to find any that are as open/secure/clearly* supported than a raspberry pi with a camera board (and motion software). I'd rather buy a complete solution than put it together myself though.

    Requirements:
    * Not require the cloud. (Happy if the feature exists as long as it has an off switch)
    * Have an OS that has a stated support period (of at least 3 years)
    * Sent a video feed to other device on my network.
    * 720p+
    * Ideal budge Less than $100

    Ideally it would have an Open Source OS that I can replace if I want, but does everything I need so I never want to...

  3. The company that rootkitted Windows from audio CDs by mr_mischief · · Score: 4, Insightful

    So the company that put Windows rootkits on Redbook audio CDs puts backdoors in other products? Stunning!

    The company that sold the PSP 1000 to early adopters at $250+ per unit based on all the things it would be able to do with expansions, then released expansions that only worked with later models doesn't take their customers' needs seriously? Shocking!

    The company that advertised Linux on the PlayStation 3 then made it impossible to use Linux if you installed most of the newer PS/3 games stomps on their promises? Inconceivable!

    Or... oh, wait... no, that's not it. The surprising part is that anybody trusts these shady jerks at all.