Sony Misleading Marketing Hides Cracked Backdoor

By: Brian Karas, Published on Jan 25, 2017

Sony is attempting to deemphasize the severity of the backdoor uncovered in Ipela cameras.

Meanwhile, IPVM has verified that the root password for the backdoor has been cracked.

Downplaying the severity of the hard-coded backdoor puts both users, and Sony's brand, at risk, as we explain in this report. 

**** ** ********** ** *********** *** severity ** *** ******** ********* ** ***** cameras.

*********, **** *** ******** that *** **** ******** for *** ******** *** been *******.

*********** *** ******** ** the ****-***** ******** **** both *****, *** ****'* brand, ** ****, ** we ******* ** **** report. 

[***************]

Sony's *****

**** ***** ** ******* the *** ** "******** network ********':

***** *********** ****, **** is **** ********** * pacemaker ** * ****** to **** ** "******** heartbeat". ** *** ** off, **** ******** ** abstract ***** **** **** not ** *** ****** the **** ***** ** unpatched ******* ****.

Sony ******* ******* *******

****'* ******-****** ******** *** firmware ********* **** **** to ******* **** ***** with ***** ******** **** to upgrade ******** ** ******* this *******:

Cracked ******** **** ********

**** *** ******* *** first *********, *** *********** published *** ****** *** the **** ******** *** did *** ****** **** the *********** ******** ***.

* ********* *** *********** in *********** ******** ******** IPVM **** *** *** unencrypted ******** **** ******** for *** * *******, and ** ******** **** it ******.

** **** ****** ** believe **** *** **** password *** ******* **** years ***, *** **** secret **** ****** **********, as *** ****** ******* was ********* ** ******* boards. ***** ** ** unclear *** **** *** wide *** ******* **** password *** **** *****, there ****** ** ** doubt **** ** ** cracked. 

****: ** *** *** sharing *** ******** **** password ***** ** ** *** easily ********* ****** *** doing **, ** **** context, ***** ******** **** to **** *****.

Misleading ********* **** ***** ** ****

**** ****** **** **** "improved" ******* ******** ******* they ***** **** ******** ** ** already ****** ******, ***** is ********** ** **** case. ********* ******* *** extremely ********, ***** ****** this ******** ***** ********** assume **** **** *** avoid **** ****** ** they ******* ******** ***** system ** ******, *** to ****** ***** ***** like ******** ******* ********* or ******* ** ******** user ********. *******, ***** ******* remain **** ** ****** from ****** *** *** reach **** *** * network.

Sony ******* ** ******** ******

****** **'* **** ****'* music ******** ********* ******* on ***** **'***** **** ********* **** back ** **** ******* the **** *******, *** interfered **** ***** ***** of *** ********'* *********. In**** ** *** ******** that ******* *** ****** access ** ****** *** other ******* **** ** Sony ********. ** **** ** these ********* ****'* ***** suffered ** ****** **********. While **** ** ***** incidents **** ******, ******* were ******** ******* ** Sony's ******** ********.

*** ******** ********** ** Ipela *******, *** ****'* failure ** *********** **, show *** ******* ********* weakened *** ******** ** its *******, *** **** has *** **** ****** to make ********* ***** ***** of ****.  *** **** reason **** ******* *** not ** **** *********** to **** ** ******* ****'* Security ******** ***** ** comparison ** *** ***** and ****** *********.

Manufactures ****** *** ******** ******** ***********

***** ** ****** ******* to ********** ** ******** severity ** ********** ********, information ** *** ******* available ** *** ********, and ** ***** *** shown, ***** *** ****** quickly. ********* *** *** likely ** *** *** existing *******, ** ****** brands ** ****** ********, if * ********* ******* is ***** *** ********* quickly **** **** ************* from *** ************. *** **** may ****** ***** ******* if **** **** *** that *** ************ *** not ******** ****** **** of ******** *** ******* available ***** *** **** exploits.

Comments (3)

Rodney Thayer

01/25/17 05:37pm

There should be a CVE number for this issue.  The fact there isn't suggests Sony doesn't get CVE's allocated for itself (and nobody shouted loud enough to get the CVE elves to allocate one unilaterally.)  Classic example of an epic fail in answer to the question "what's your cyber security posture".  The fact a flaw existed is almost less disturbing than their denial process.  Although, backdoor passwords have been considered bad for years.

 

So?  How's it' going out there in integrator-land selling vulnerable Sony cameras?

Undisclosed #1

01/26/17 01:35am

The Gen6 DES password is easily cracked from the hash in less than two hours.

The real gem here is the revelation of the script syntax surrounding: /debug/start-telnetd-sshd.cgi, which completes the exploit.

This, to my knowledge has not been published by SEC Consult or anyone else, AFAIK.

Undisclosed #1

01/26/17 05:51pm

Curious, was anyone able to crack the Ipela Gen5 password from this hash?

$1$$mhF8LHkOmSgbD88/WrM790

If so, don't post it, I'm just wondering what the length etc, was actually.  Had a process running for a couple weeks on it with no results.

Read this IPVM report for free.

This article is part of IPVM's 6,307 reports, 842 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Mobotix First CNPP CCTV Cybersecurity Certification Examined on Sep 05, 2019
Mobotix recently became the first video surveillance manufacturer to receive the CNPP cybsersecurity certification for its cameras, in which they...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Dahua OEM Directory on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity on Aug 06, 2019
For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...

Most Recent Industry Reports

JCI / Tyco Security Products Layoffs on Jun 05, 2020
Johnson Controls / Tyco Security Products has confirmed COVID-19 related layoffs, expanding upon the April coronavirus cuts the company previously...
EyePark Presents Mobile Driver Authentication on Jun 05, 2020
EyePark presented its long-range QR code parking verification platform at the May 2020 IPVM Startups show. A 30-minute video from EyePark...
Bleenco "Under The Tongue" Temperature Detection Examined on Jun 05, 2020
"Say aah", says Bleenco, a PPE detection video analytics company, offering a different method for measuring body temperature with a thermal...
Hikvision and Uniview Entry Level Thermal Handheld Cameras Tested on Jun 05, 2020
While most screening systems cost $10,000 or more, manufacturers such as Hikvision and Uniview have now released handheld models for $1,000 or...
Sequr Presents HID based Cloud Access Control on Jun 04, 2020
Sequr presented HID based Cloud Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Sequr...
VergeSense Presents People Tracking Sensor on Jun 04, 2020
VergeSense presented its people tracking sensor and social distancing insights at the May 2020 IPVM Startups show. A 30-minute video from...
FLIR A Series Temperature Screening Cameras Tested on Jun 04, 2020
FLIR is one of the biggest names in thermal and one of the most conservative. While rivals have marketed fever detection, FLIR has stuck to EST...
"Fever Camera" Show On-Demand Watch Now on Jun 03, 2020
IPVM has successfully completed the world's first "Fever Camera" show. Recordings from both days are posted at the end of this report for on-demand...
Cobalt Robotics Presents Indoor Security and Access Robots on Jun 03, 2020
Cobalt Robotics presented indoor security robots at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Cobalt...
Dahua Sues Ex-North American President, Says Legal Typo on Jun 03, 2020
Dahua's former North American President Frank Zhang claims he is owed almost $11 million but Dahua counter claims it is just a "scrivener's error",...