Sony IPELA Engine IP cameras ‘have backdoor accounts’, according to security researchers in Austria.
The researchers, from Austrian security firm SEC Consult said they found two apparent backdoor accounts in more than 80 different IP camera models made by Sony – all of which are mainly used by enterprises and law enforcement agencies.
According to the company, two user accounts dubbed ‘primana’ and ‘debug’ could be used by remote attackers to control the web server built into these devices and then enable ‘telnet’ – a protocol that allows remote logons over the internet – to be turned on. Telnet is the same communications method that was exploited by Mirai; it trawled through the internet looking for telnet-enabled IoT devices which were protected by factory-default passwords.
“We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not an “unauthorized third party” like in other cases (e.g. the Juniper ScreenOS Backdoor, CVE-2015-7755),” SEC Consult said in its blog.
The firm asked Sony some questions regarding the nature of the backdoor, including its intended purpose, but did not receive a response. However, SEC Consult said that the Japanese company has since released updated firmware for the affected models.
This is unlikely to be the last finding of insecure IP cameras. Clive Longbottom, analyst at Quocirca suggested that one way around the issue is for cameras to come with specific machine-generated passwords. He also suggested that all external connections should be over a secure network, and that the user should be advised to change the port used during set-up.
“All of this is close to a zero cost to the camera manufacturer. Moving to a secure OS and better management of user rights to prevent the hijacking of the kernel, for example, would incur a higher degree of cost – but could be a good sales differentiator in the market,” he said.