FLIR Thermal Camera Multiple Vulnerabilities, Patch Released

By: Brian Karas, Published on Oct 03, 2017

Multiple cyber security vulnerabilities exist in FLIR thermal cameras, and at the time of original publication they had not been fixed despite having been reported months earlier. UPDATE: FLIR has since released patches, which are covered in this report.

In this note, we examine the vulnerabilities, share our test results from vulnerable FLIR cameras, review FLIR's response, and assess the impact on the company.

Comments (6)

I'm curious if and how FLIR will react to this ☺️

Well done IPVM, thank you! 

Doesn’t Dahua actually assemble the FLIR TC series? Are we sure of who makes the FC series? I have only had my hands on the FC-618 for a short period and don’t recall at the moment if it was Dahua-esque.

The FC series is done 100% by FLIR, including assembly. 

It might be beneficial to search for FLIR OEM partners that just use FLIR's thermal modules and combine it with a custom (and more secure) encoder chipset (which includes all network functions).

I do not want to do any promotion here, but these partners exist. 

There is now a software fix available from FLIR for these vulnerabilities, the report has been updated with the following section to address this:

UPDATE - Patch Released

FLIR released a patch for these vulnerabilities. Upgrade instructions are outlined in the release notes for the patch, which requires updating each camera individually via its web interface. Because this is a patch, and not a full firmware release, users need to first be on a supported version (1.3.4 or 1.3.5), and will need to update their firmware to one of these versions before applying the patch if running older software on the camera.
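The update above implies a two-step rollout for any fleet: cameras already on 1.3.4 or 1.3.5 can take the patch directly, while older units must first be brought to one of those firmware versions. The following triage script is an added example (not FLIR's or IPVM's code) that sorts a constructed camera inventory into those two groups; the only facts it takes from the page are the two supported base versions. The inventory format, host names, function names, and the decision to flag unparseable or newer-than-1.3.5 versions for manual verification are assumptions made for illustration. It only produces a plan; per the release notes, each camera is still updated individually through its web interface.

```python
"""Patch-eligibility triage for the FLIR camera patch discussed above.

Added example, not vendor code. The patch is described as applying only
to cameras already on firmware 1.3.4 or 1.3.5; everything else here
(inventory layout, host names, the "verify-manually" bucket) is assumed.
"""
from typing import Dict, List, Tuple

# Firmware versions the patch can be applied to, per the release notes quoted above.
PATCH_BASE_VERSIONS = {(1, 3, 4), (1, 3, 5)}

# Constructed sample inventory (hostname, reported firmware); not real devices.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("cam-north-01", "1.3.5"),
    ("cam-north-02", "1.3.4"),
    ("cam-south-01", "1.2.7"),
    ("cam-south-02", "1.4.0"),
    ("cam-gate-01", "unknown"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.3.4' into (1, 3, 4); raise ValueError for anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def plan_for(version_text: str) -> str:
    """Decide the next action for one camera based on its firmware string."""
    try:
        version = parse_version(version_text)
    except ValueError:
        # Unreadable version string: do not guess, have someone check the camera.
        return "verify-manually"
    if version in PATCH_BASE_VERSIONS:
        return "apply-patch"
    if version < min(PATCH_BASE_VERSIONS):
        # Older than the supported base versions: full firmware upgrade first.
        return "upgrade-firmware-first"
    # Newer than the patch's base versions; the page says nothing about these,
    # so this is an assumption: flag them rather than patch blindly.
    return "verify-manually"


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by the action they need; tuple comparison handles ordering."""
    plan: Dict[str, List[str]] = {
        "apply-patch": [],
        "upgrade-firmware-first": [],
        "verify-manually": [],
    }
    for host, version_text in inventory:
        plan[plan_for(version_text)].append(host)
    return plan


if __name__ == "__main__":
    for action, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{action:24s} {', '.join(hosts) or '-'}")
```

The "verify-manually" bucket is deliberate: a version string the script cannot parse, or one newer than anything the release notes mention, is exactly the case where an automated rollout should stop and ask rather than assume.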

This is good information guys, thanks!
