Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

80 Sony IP CCTV Camera Models Are Affected With Two Secret Backdoors

 

 

 

Most of the private and government organizations are using IP-based security camera to keep their eye on sensitive places such as server rooms. According to a report of Austria-based security firm SEC Consult, hackers could compromise IP-based cameras of “Sony” companies because two backdoor accounts are available in their current firmware version. Around 80 models of Sony IP cameras contains these backdoor accounts. Hackers could exploit this security flaw and can easily compromise this camera by using a strong botnet. As you know, Mirai Botnet is a powerful botnet which can easily compromise poorly configured IoT devices.

 

Two Backdoor Accounts Are Available

According to security researchers of SEC Consult, One backdoor account is available in the Web Interface of Sony’s current IP camera firmware version. This backdoor is set of hardcoded credentials, which is allowing hackers to enable Telnet service of cameras by sending remote requests.

 

The second backdoor is also a hard coded password which could be used by hackers to gain the root access of devices. After getting root access, they can fully control the devices over Telnet. This password string is available in a cryptographic hash and it is possible to crack it by spending some time on it.

 

How is it possible?

SEC Consult said that these backdoors had been created by the official developers of Sony.  Not a single footprint of third party programmer has been identified by the security researchers of SEC Consult. It seems like, developers had created these backdoors to debug the device during testing and they forget to remove both of the backdoors from the firmware.

 

What Hackers Can Do By Hacking These Cameras?

Hackers could enable Telnet service of devices and can access them over the internet or over the local area network. Hackers can convert these cameras into bots by infecting them with a strong botnet such as Mirai Botnet to perform DDoS (Distributed Denial of Service) Attack on major networks and companies. Hackers could also disrupt working functionality of cameras. Hackers could spy on all those networks which are under Electronic surveillance. Moreover, hackers could send specially crafted videos and images to the control room.

 

Vulnerable Models of Sony IP Camera

 

  • SNC-CH115
  • SNC-CH120
  • SNC-CH160
  • SNC-CH220
  • SNC-CH260
  • SNC-DH120
  • SNC-DH120T
  • SNC-DH160
  • SNC-DH220
  • SNC-DH220T
  • SNC-DH260
  • SNC-EB520
  • SNC-EM520
  • SNC-EM521
  • SNC-ZB550
  • SNC-ZM550
  • SNC-ZM551
  • SNC-EP550
  • SNC-EP580
  • SNC-ER550
  • SNC-ER550C
  • SNC-ER580
  • SNC-ER585
  • SNC-ER585H
  • SNC-ZP550
  • SNC-ZR550
  • SNC-EP520
  • SNC-EP521
  • SNC-ER520
  • SNC-ER521
  • SNC-ER521C
  • SNC-CX600
  • SNC-CX600W
  • SNC-EB600
  • SNC-EB600B
  • SNC-EB602R
  • SNC-EB630
  • SNC-EB630B
  • SNC-EB632R
  • SNC-EM600
  • SNC-EM601
  • SNC-EM602R
  • SNC-EM602RC
  • SNC-EM630
  • SNC-EM631
  • SNC-EM632R
  • SNC-EM632RC
  • SNC-VB600
  • SNC-VB600B
  • SNC-VB600B5
  • SNC-VB630
  • SNC-VB6305
  • SNC-VB6307
  • SNC-VB632D
  • SNC-VB635,
  • SNC-VM600
  • SNC-VM600B
  • SNC-VM600B5
  • SNC-VM601
  • SNC-VM601B
  • SNC-VM602R
  • SNC-VM630
  • SNC-VM6305
  • SNC-VM6307
  • SNC-VM631
  • SNC-VM632R
  • SNC-WR600
  • SNC-WR602
  • SNC-WR602C
  • SNC-WR630
  • SNC-WR632
  • SNC-WR632C
  • SNC-XM631
  • SNC-XM632
  • SNC-XM636
  • SNC-XM637
  • SNC-VB600L
  • SNC-VM600L
  • SNC-XM631L
  • SNC-WR602CL

 

All the above metioned models of  Sony cameras are affeted with backdoor. The Censys.io is a search engine, which allows computer researchers to search those devices which are composing the internet. A search of “Censys.io” shows that more than 4000 Sony IP-based cameras are connected to the internet. There are much more which are vulnerable in actual.

 

Solution

If you are a user of Sony IP Cameras, then update the firmware version of your devices as soon as possible. An update has been released by Sony to fix this security issue. Don’t forget, hackers are focusing on IoT devices these days to perform large scale DDoS type attacks. It is happening from the day one since the source code of Mirai Botnet had been released by its owner publically.

 

Simialar Articles:

Amazon's Top Selling Product, D-Link Wifi Camera is Hackable!

4,00,000 Devices of D-Link are Vulnerable including Webcams, Modems and Storage Devices!

"Delilah Malware" Can Record Your Videos Anonymously, to Blackmail You For Becoming a Insider Threat!

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.