SoylentNews

Fnord666 [soylentnews.org] writes:

Brian Krebs has posted an interesting article discussing IP cameras from Sony and other white labeled IP cameras that researchers recently found vulnerable to attacks [krebsonsecurity.com] that could see them being added to the Mirai arsenal.

New research published this week could provide plenty of fresh fodder for Mirai [krebsonsecurity.com], a malware strain that enslaves poorly-secured Internet of Things (IoT) devices for use in powerful online attacks [krebsonsecurity.com]. Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp. Separately, Israeli security experts have discovered trivially exploitable weaknesses in nearly a half-million white-labeled IP camera models that are not currently sought out by Mirai.

In a blog post published today, Austrian security firm SEC Consult said it found two apparent backdoor accounts in Sony IPELA Engine IP Cameras — devices mainly used by enterprises and authorities. According to SEC Consult, the two previously undocumented user accounts — named "primana" and "debug" — could be used by remote attackers to commandeer the Web server built into these devices, and then to enable "telnet" on them.

[...] "We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not an 'unauthorized third party' like in other cases (e.g. the Juniper ScreenOS Backdoor, CVE-2015-7755 [rapid7.com])," SEC Consult wrote.

It's unclear precisely how many Sony IP cameras may be vulnerable, but a scan of the Web using Censys.io [censys.io] indicates there are at least 4,250 that are currently reachable over the Internet.

Original Submission