Sony Misleading Marketing Hides Cracked Backdoor

Author: Brian Karas, Published on Jan 25, 2017

Sony is attempting to deemphasize the severity of the backdoor uncovered in Ipela cameras.

Meanwhile, IPVM has verified that the root password for the backdoor has been cracked.

Downplaying the severity of the hard-coded backdoor puts both users, and Sony's brand, at risk, as we explain in this report.

**** ** ********** ** *********** *** ******** ** *********** ********* ** ***** *******.

*********, **** *** ******** **** *** **** ******** *** *** backdoor *** **** *******.

*********** *** ******** ** *** ****-***** ******** **** **** *****, and ****'* *****, ** ****, ** ** ******* ** **** report.

[***************]

Sony's *****

**** ***** ** ******* *** *** ** "******** ******* ********':

***** *********** ****, **** ** **** ********** * ********* ** a ****** ** **** ** "******** *********". ** *** ** off, **** ******** ** ******** ***** **** **** *** ** all ****** *** **** ***** ** ********* ******* ****.

Sony ******* ******* *******

****'* ******-****** ******** *** ******** ********* **** **** ** ******* that ***** **** ***** ******** **** ** ******* ******** ** disable **** *******:

Cracked ******** **** ********

**** *** ******* *** ***** *********, *** *********** ********* *** hashes *** *** **** ******** *** *** *** ****** **** the *********** ******** ***.

* ********* *** *********** ** *********** ******** ******** **** **** the *** *********** ******** **** ******** *** *** * *******, and ** ******** **** ** ******.

** **** ****** ** ******* **** *** **** ******** *** cracked **** ***** ***, *** **** ****** **** ****** **********, as *** ****** ******* *** ********* ** ******* ******. ***** it ** ******* *** **** *** **** *** ******* **** password *** **** *****, ***** ****** ** ** ***** **** it ** *******.

****: ** *** *** ******* *** ******** **** ******** ***** it ** *** ****** ********* ****** *** ***** **, ** this *******, ***** ******** **** ** **** *****.

Misleading ********* **** ***** ** ****

**** ****** **** **** "********" ******* ******** ******* **** ***** more ******** ** ** ******* ****** ******, ***** ** ********** in **** ****. ********* ******* *** ********* ********, ***** ****** this ******** ***** ********** ****** **** **** *** ***** **** update ** **** ******* ******** ***** ****** ** ******, *** to ****** ***** ***** **** ******** ******* ********* ** ******* up ******** **** ********. *******, ***** ******* ****** **** ** attack **** ****** *** *** ***** **** *** * *******.

Sony ******* ** ******** ******

****** **'* **** ****'* ***** ******** ********* ******* ** ***** PC's**** **** ********* **** **** ** **** ******* *** **** knowing, *** ********** **** ***** ***** ** *** ********'* *********. In**** ** *** ******** **** ******* *** ****** ****** ** emails *** ***** ******* **** ** **** ********. ** **** ** ***** ********* ****'* ***** ******** ** public **********. ***** **** ** ***** ********* **** ******, ******* were ******** ******* ** ****'* ******** ********.

*** ******** ********** ** ***** *******, *** ****'* ******* ** acknowledge **, **** *** ******* ********* ******** *** ******** ** its *******, *** **** *** *** **** ****** ** **** customers ***** ***** ** ****. *** **** ****** **** ******* may *** ** **** *********** ** **** ** ******* ****'* Security ******** ***** ** ********** ** *** ***** *** ****** divisions.

Manufactures ****** *** ******** ******** ***********

***** ** ****** ******* ** ********** ** ******** ******** ** discovered ********, *********** ** *** ******* ********* ** *** ********, and ** ***** *** *****, ***** *** ****** *******. ********* are *** ****** ** *** *** ******** *******, ** ****** brands ** ****** ********, ** * ********* ******* ** ***** and ********* ******* **** **** ************* **** *** ************. *** they *** ****** ***** ******* ** **** **** *** **** the ************ *** *** ******** ****** **** ** ******** *** readily ********* ***** *** **** ********.

Comments (3)

Rodney Thayer

01/25/17 05:37pm

***** ****** ** * *** ****** *** **** *****. *** fact ***** ***'* ******** **** *****'* *** ***'* ********* *** itself (*** ****** ******* **** ****** ** *** *** *** elves ** ******** *** ************.) ******* ******* ** ** **** fail ** ****** ** *** ******** "****'* **** ***** ******** posture". *** **** * **** ******* ** ****** **** ********** than ***** ****** *******. ********, ******** ********* **** **** ********** bad *** *****.

**? ***'* **' ***** *** ***** ** **********-**** ******* ********** Sony *******?

Undisclosed #1

01/26/17 01:35am

*** **** *** ******** ** ****** ******* **** *** **** in **** **** *** *****.

*** **** *** **** ** *** ********** ** *** ****** syntax ***********:/debug/start-telnetd-sshd.cgi, which completes the exploit.

****, ** ** ********* *** *** **** ********* ** *** Consult ** ****** ****, *****.

Undisclosed #1

01/26/17 05:51pm

*******, *** ****** **** ** ***** *** ***** **** ******** from **** ****?

$*$$***************/******

** **,***'***** **, *'* **** ********* **** *** ****** ***, *** actually. *** * ******* ******* *** * ****** ***** ** it **** ** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Marketing

AV Tech Company Profile on Dec 07, 2018
Taiwanese manufacturer AV Tech's revenue declined ~70% since 2012. Planning a comeback, AV Tech spoke to IPVM about their opportunities and...
Fullerton Returns, Joins OpenEye on Dec 04, 2018
Eric Fullerton became one of the most famous people in the industry as the Chief Sales and Marketing Officer of Milestone as Milestone became the...
SS&Si Claims To Be "The New Face of Security Distribution" on Dec 03, 2018
Can 27-year-old Jake Voll disrupt the security distribution giants? He has positioned his company SS&Si as the 'NEW FACE' of...
Longse USA Profile on Nov 30, 2018
In September 2017, Longse bought and opened their USA office. As one of the largest South China surveillance manufacturers, they have previously...
ADT Promotes DIFY - "Do It For You" on Nov 30, 2018
"Do It Yourself" (DIY) is a popular expression and has become such a common word that it has even made the Cambridge English dictionary. But why...
Vintra "AI-Powered" Video Analytics Startup Profile on Nov 27, 2018
Vintra is a Silicon Valley startup focused on AI-based video analytics. They had booths at IACP and ISC West demonstrating their hosted or...
Axis Bad Marketing - Panoramic Commercial on Nov 23, 2018
Axis is bad at marketing. Recall last month - Axis: "No One Wants To Buy A Camera" and, more generally their 2018 production introductions. But...
ASIS Offering Custom Research For Manufacturers on Nov 15, 2018
Manufacturers often want to know what industry people think about trends and, in particular, the segments and product they offer.  ASIS and its...
Axis: "No One Wants To Buy A Camera" on Nov 09, 2018
Axis has, in its own description, made a bold declaration: The industry is changing so rapidly that the following statement might seem bold but...
Wyze Explosive Growth Disrupting Consumer IP Camera Market on Oct 30, 2018
Wyze, a company founded only in 2017, is poised to disrupt the consumer IP camera market by combining American marketing and Chinese manufacturing...

Most Recent Industry Reports

AV Tech Company Profile on Dec 07, 2018
Taiwanese manufacturer AV Tech's revenue declined ~70% since 2012. Planning a comeback, AV Tech spoke to IPVM about their opportunities and...
Ubiquiti $79 Flex IP Camera Tested on Dec 07, 2018
U.S. Manufacturer Ubiquiti has released a 1080p, integrated IR IP camera, selling it directly for $79, making this one of the least expensive IP...
Infinova's Xinjiang Business Examined on Dec 07, 2018
As pressure mounts for companies to stop doing business in China’s Xinjiang region amid a severe human rights crisis, IPVM has found Infinova sold...
Akuvox Intercom Profile on Dec 06, 2018
Akuvox, a Chinese manufacturer of VoIP products, is expanding heavily into Video Intercom products with disruptive pricing targeted for commercial...
Sublethal Camera Gun Examined on Dec 06, 2018
Sublethal is a South African company that manufactures a remotely-controlled, camera-enabled gun called the Boomslang, which is Afrikaans for tree...
UK ICO Denies IPVM GDPR Complaint Against IFSEC, Decides Each Exhibitor Responsible on Dec 06, 2018
The UK Information Commissioner's Office (ICO) has denied IPVM's complaint against IFSEC for misuse of facial recognition. Each Exhibitor...
VMS Live Monitoring Shootout - Avigilon, Dahua, Exacq, Genetec, Hikvision, Milestone, Network Optix on Dec 05, 2018
Viewing live video is the first interaction and most common task most users have with a VMS. Who does it best and worst? Who offers the most...
ADT Wins Fire Death Suit But Faces Appeal on Dec 05, 2018
ADT/Protection 1 has won a wrongful death court case in which it was sued by the estate of a deceased customer. However, the attorney for the...
Fullerton Returns, Joins OpenEye on Dec 04, 2018
Eric Fullerton became one of the most famous people in the industry as the Chief Sales and Marketing Officer of Milestone as Milestone became the...
Hanwha L Series Lowest-Cost Camera Tested on Dec 04, 2018
Hanwha has released their lowest-priced IP camera line ever, the L series, that competes on price with low cost competitors Dahua and...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact