Not just crapgadgets: Sony's enterprise CCTV can be easily hacked by IoT worms like Mirai


#1

Originally published at: http://boingboing.net/2016/12/06/not-just-crapgadgets-sonys.html


#2

I think the cheapest IPELA camera starts at $300, prices run into the thousands.

Sony has done the responsible thing and is offering free firmware updates for all owners of IPELA Engine cameras, even without an active support contract. Hopefully this time they’ve hidden the backdoors better; the debug user’s password was “popeyeConnection” but the primana account password is “primana”.

The various “white label” and small importer cameras will offer a vulnerability for years to come; very few vendors come out and say who the real maker is of their cameras, and generally don’t publish firmware updates on their websites, and won’t warranty your camera if you install a “generic” update.


#3

Sony’s response was incrementally better (as you’d want it to be, for the price); but it is not encouraging that their equipment made it into the wild with exactly the same class of egregious vulnerabilities as the cheapest of the cheap seats.

An ‘enterprise’ customer might well want some sort of vendor access mechanism, it’s not uncommon for high end equipment to phone home and request maintenance or the like; but an undocumented access mechanism would be wholly unacceptable. And, even if one is needed, that would be a more or less textbook example of where you should be using keypair authentication rather than hardcoded passwords.

Sony’s response was adequate enough to avoid being blatantly negligent; but they screwed up on this one.


#4

Pretty much every enterprise vendor has or will make the “hardcoded credentials” mistake; this year alone I see announcements from Cisco, Juniper, Fortinet …

One of the biggest vulnerabilities I personally discovered and published involved a vendor’s use of hardcoded credentials in sensitive appliances… that was well over a decade ago. As an installer of “enterprise grade” IT infrastructure, I don’t want any remote backdoors in the products I deploy. If recovery is required, make it dependent on physical access, or at least require use of a serial port.

The only real improvement I’ve seen in the past decade is that nowadays most vendors give the option to disable telnet :unamused:


#5

fixed ; )


#6

I thought that was your slur for DRM gear?

