Brian Krebs has posted an interesting article discussing IP cameras from Sony and other white labeled IP cameras that researchers recently found vulnerable to attacks that could see them being added to the Mirai arsenal.
New research published this week could provide plenty of fresh fodder for Mirai, a malware strain that enslaves poorly-secured Internet of Things (IoT) devices for use in powerful online attacks. Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp. Separately, Israeli security experts have discovered trivially exploitable weaknesses in nearly a half-million white-labeled IP camera models that are not currently sought out by Mirai.
In a blog post published today, Austrian security firm SEC Consult said it found two apparent backdoor accounts in Sony IPELA Engine IP Cameras — devices mainly used by enterprises and authorities. According to SEC Consult, the two previously undocumented user accounts — named "primana" and "debug" — could be used by remote attackers to commandeer the Web server built into these devices, and then to enable "telnet" on them.
[...] "We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not an 'unauthorized third party' like in other cases (e.g. the Juniper ScreenOS Backdoor, CVE-2015-7755)," SEC Consult wrote.
It's unclear precisely how many Sony IP cameras may be vulnerable, but a scan of the Web using Censys.io indicates there are at least 4,250 that are currently reachable over the Internet.
[Editor note: I have been getting occasional 502 errors from krebsonsecurity.com pages yesterday and today.]
(Score: 3, Funny) by Megahard on Sunday December 18 2016, @10:01PM
I want one.