FLIR Thermal Camera Multiple Vulnerabilities, Patch Released

By Brian Karas, Published on Oct 03, 2017

Multiple cyber security vulnerabilities exist in FLIR thermal cameras, which have not been fixed, despite being reported months ago. UPDATE: FLIR has released patches, which are covered in this report.

In this note, we examine the vulnerabilities, share our test results of vulnerable FLIR cameras, review FLIR's response and the impact on the company. 

Vulnerabilities ********

***** ****** [**** ** longer *********], * ******** researcher ** ********* ******** ******* ** **** *************** to ****** ********. *** *************** ******* methods ** ******** **** images, *** *****, ******** files *** ***** **** from **** **-****** ******* cameras, ** **** ** hard ***** *********** *** remote **** ********* ********. For *******, *******/******* *** string "/********/*********/******/*******.*** [**** ** longer *********]" **** *** end ** * **** FC ****** ******** ** IP ******* ** * browser **** ***** ******** cameras ** ****** * live ***** (*.*.: ****://***.***.**.**:****/********/*********/******/*******.***).

** *****, ***** ******** enable ********* ** ******** data *** ****** **** the *******, ** **** as ******* ******* ******** that ***** **** ** a ******** ******* ** the ******, ********** ******** attackers ** ****** *** execute ****** ****.

 

Vulnerability ********

** ******** *** *************** ** ********** live ****** *** ******* files **** ** /***/****** from ******** ********** ******* found *** ******. **** examples ** ****** *********:

  

******** *** /***/****** **** on ********** ******* ***** the **** **** ******** used ****** *** ******** of *******:

**** ********** **** *** claim ** ****-***** *********** in *** ************* *******, as ** ** ******** otherwise **** ** **** cameras ***** **** *** same ********* ******** ****** for *** **** ****.

No ******** *** ********* 

Updated ******** ********

****** - ****** ******** patches **** *** ********* at *** **** ** our ******** ***********, **** have ***** **** ********.

**** ******** * ***** for ***** *************** [**** no ****** *********]. ******* instructions *** ******** ** the release ***** *** *** patch [**** ** ****** available], ***** ******** ******** each ****** ************ *** its *** *********. ******* this ** * *****, and *** * **** firmware *******, ***** **** to ***** ** ** a ********* ******* (*.*.* or *.*.*), *** **** need ** ****** ***** firmware ** *** ** these ******** ****** ******** the ***** ** ******* older ******** ** *** camera.

****'* ******** ******** ********* *** **** ****** firmware *** **-****** ******* as *-**-****, **** ****** this ************* *** ********:

FLIR Limited / **** ********

********* ****'* ******* *** comment ** **** ** September ****, **** ****** a ************* ******** ** October *** [**** ** longer *********], **** ******* ***********. **** comes * ****** ***** the ******* ****** ** FLIR ** ***** ***************, and **** *** ******* which ****** *** ********, or **** ********* *** expect ******* ********. *** bulletins **** ************** ** to *** ***** ******** access ** **** *******:

** ****** ****, ** recommend **** ********* ***** cameras **** ** ******, secured ********.

*** ****** ******** **** also ********* * **** of ************** **** ****, stating "** *** *** a *** ** ********** have **** ******** *** the ********* ***************."

**** ***** ***-***** *** *********** who *** ***** ** have **** ******* ** use ** ******** ************** sites, **** ******** ***** contacted ** **** ** warn **** ** ***** vulnerabilities ****** *** ******* 2nd *******.

Minimal ****** *******

*** ****** ** **** scans ******** *** **** ******* **** very *** ******* ** accessible *******:

**** ** *******, ***** that **** ******* ******* are **** *********, ***** not ** ******** **** as "*******", *** *** frequently ********* ** * VMS. *******, * **** ** the ********* ******* ****** that **% ** **** were ******** ** **** vulnerability.

Impact *********

****** ******* **** ******* accessible ******, ******* ** those ******* ******* ********* for **** ****/******** ** the ***** ***** ****. FLIR thermal ******* *** ********* deployed ** ******** ************** sites, ** ***** **** high ***** ******. ************, these ******* *** ***** linked ** ***** ********* systems *** ********* ********* warnings. * ************* **** allows ** ******** ** view *** ******'* ******** area, ** *********** ***** settings ** ******* *****/****** analytics ******* * **** more ****** **** **** disabling * ****** *********** a ***** ********.

************, **** ********* **** the ****** **** ***** settings, *********, ** ***** data ***** ****** *********** sensitive *********** ***** *** ******** network ************ ** ***** devices ** ***. ******* could **** *********** ** exploited ** ***** ***** access, ****** ********* ****** to *** ******** ******* the ****** ******* **.

In ******** ** **** ***** *** ***************

***** *************** *** ******** and ********** ** ****************** **** **** *** been ******* ** **** their ****** ** *********** *** ********* ** their *** *** ***** lines.

Vs ********* ********

***** **** *************** ** not ***** ***** ** circumvent ************** ** ***** to * ******* *** *********, or ** ***** ** retrieve **** ********* ********. However, *** ****-***** *********** in *** ***** ** could ** **** ** access * ******* ********* if *** *** ********** ** the ***** (*** *** is ******** ** *******).

**** ************* *** ************ to *** ********* "***** ******" ******* ** **** ** **** not ******* *** ************** or ******* ****** ** access *** ******** ********, but ** ** **** critical ** **** ** cannot ** **** ** reset ** ******** ** admin ******* *** **** full ****** ** *** camera.

Poor ******** ***** ** ****

****'* **** ** * timely ******** ** ********* customers *** ********** ***** vulnerabilities *** ******** ** harm ***** ******* ********** ******** ********.

********* *** ******** ***** *** ******* cameras, ******* ******** ** FLIR, *** *** ********* avoided **** ** *** bottom ******** ** **** segment. A ****** ******** **** legacy ************* *** **** to ***** *** *********'* multiple ******** ***************, *** failure ** ******* ***** proactively, ** ** *******: ********* ***** **** *** Security ****** *** **** Bad *****.

**** **** *************, **** has ****** ********** **-*** with ********* ** ***** ** ease ** ******* *** handling ** ********* ************* to *********, **** ****** eroding ***** *** ******* price ************* *** ***** has ***** **** *********** and ***-*****.

 

Comments (6)

I'm curious if and how FLIR will react to this ☺️

Well done IPVM, thank you! 

Doesn’t Dahua actually assemble the Flir TC series? Are we sure of who makes the FC series? I only have had my hands on the FC-618 for a short period and don’t recall at the moment if it was Dahua-esque. 

The FC series is done 100% by FLIR, including assembly. 

It might be beneficial to search for FLIR OEM partners that just use FLIR's thermal modules and combine it with a custom (and more secure) encoder chipset (which includes all network functions).

I do not want to do any promotion here, but these partners exist. 

There is now a software fix available from FLIR for these vulnerabilities; the report has been updated with the following section to address this:

UPDATE - Patch Released

FLIR released a patch for these vulnerabilities. Upgrade instructions are outlined in the release notes for the patch, which requires updating each camera individually via its web interface. Because this is a patch, and not a full firmware release, users need to first be on a supported version (1.3.4 or 1.3.5), and will need to update their firmware to one of these versions before applying the patch if running older software on the camera.
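The update above states a prerequisite that matters for a fleet rollout: the patch only applies to cameras already on firmware 1.3.4 or 1.3.5, and each camera must be patched individually through its web interface. The following is an added example (not IPVM's or FLIR's code) that turns a camera inventory into a per-device remediation plan. The CSV inventory format and the sample rows are constructed for the example; the "check-vendor-guidance" bucket for versions newer than 1.3.5 is an assumption, since the release notes quoted here only name 1.3.4 and 1.3.5 as supported.

```python
"""Plan a FLIR FC patch rollout from a camera inventory.

Added example, not code from IPVM or FLIR. It encodes the prerequisite
from the patch release notes: only cameras on firmware 1.3.4 or 1.3.5
can take the patch, and every camera is patched individually, so the
result is a per-device action list rather than a single yes/no.
"""
import csv
import io
import re

# Versions the release notes name as supported for the patch (from the report).
SUPPORTED_FOR_PATCH = {(1, 3, 4), (1, 3, 5)}

# Accepts "1.3.4" or "v1.3.4"; anything else is treated as unparseable.
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")

# Constructed sample inventory (hostname, IP, firmware string as reported).
# A real inventory would come from a VMS export or the cameras' web pages.
SAMPLE_INVENTORY = """hostname,ip,firmware
perimeter-north,192.0.2.10,1.3.5
perimeter-east,192.0.2.11,1.3.2
perimeter-south,192.0.2.12,v1.3.4
gate-cam,192.0.2.13,1.4.0
old-unit,192.0.2.14,unknown
"""


def parse_version(text):
    """Return a (major, minor, patch) tuple, or None if the string is not a version."""
    match = VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def plan_action(firmware):
    """Map one camera's firmware string to the remediation step it needs."""
    version = parse_version(firmware)
    if version is None:
        # No usable version: someone has to log in and read it off the camera.
        return "verify-firmware-manually"
    if version in SUPPORTED_FOR_PATCH:
        # Prerequisite met: the patch can be applied via the web interface.
        return "apply-patch"
    if version < min(SUPPORTED_FOR_PATCH):
        # Older firmware: must first be upgraded to 1.3.4 or 1.3.5.
        return "upgrade-firmware-then-patch"
    # Newer than the versions the release notes list (assumed bucket).
    return "check-vendor-guidance"


def build_plan(inventory_csv):
    """Parse a CSV inventory and return (hostname, ip, firmware, action) rows."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [
        (row["hostname"], row["ip"], row["firmware"], plan_action(row["firmware"]))
        for row in reader
    ]


def summarize(plan):
    """Count cameras per action so the rollout effort can be sized."""
    counts = {}
    for _, _, _, action in plan:
        counts[action] = counts.get(action, 0) + 1
    return counts


if __name__ == "__main__":
    plan = build_plan(SAMPLE_INVENTORY)
    for host, ip, fw, action in plan:
        print(f"{host:16} {ip:14} {fw:8} -> {action}")
    print(summarize(plan))
```

The point of separating "upgrade-firmware-then-patch" from "apply-patch" is that the two steps are different maintenance windows on a perimeter camera: a full firmware upgrade is a longer outage than a patch, and an unparseable version string is a device nobody should assume is covered.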

This is good information guys, thanks!

