Sony Misleading Marketing Hides Cracked Backdoor

Author: Brian Karas, Published on Jan 25, 2017

Sony is attempting to deemphasize the severity of the backdoor uncovered in Ipela cameras.

Meanwhile, IPVM has verified that the root password for the backdoor has been cracked.

Downplaying the severity of the hard-coded backdoor puts both users, and Sony's brand, at risk, as we explain in this report. 

**** ** ********** ** *********** *** ******** ** *** ******** ********* ** ***** *******.

*********, **** *** ******** **** *** **** ******** *** *** backdoor *** **** *******.

*********** *** ******** ** *** ****-***** ******** **** **** *****, and ****'* *****, ** ****, ** ** ******* ** **** report. 

[***************]

Sony's *****

**** ***** ** ******* *** *** ** "******** ******* ********':

***** *********** ****, **** ** **** ********** * ********* ** a ****** ** **** ** "******** *********". ** *** ** off, **** ******** ** ******** ***** **** **** *** ** all ****** *** **** ***** ** ********* ******* ****.

Sony ******* ******* *******

****'* ******-****** ******** *** ******** ********* **** **** ** ******* that ***** **** ***** ******** **** ** ******* ******** ** ******* this *******:

Cracked ******** **** ********

**** *** ******* *** ***** *********, *** *********** ********* *** hashes *** *** **** ******** *** *** *** ****** **** the *********** ******** ***.

* ********* *** *********** ** *********** ******** ******** **** **** the *** *********** ******** **** ******** *** *** * *******, and ** ******** **** ** ******.

** **** ****** ** ******* **** *** **** ******** *** cracked **** ***** ***, *** **** ****** **** ****** **********, as *** ****** ******* *** ********* ** ******* ******. ***** it ** ******* *** **** *** **** *** ******* **** password *** **** *****, ***** ****** ** ** ***** **** it ** *******. 

****: ** *** *** ******* *** ******** **** ******** ***** ** is *** ****** ********* ****** *** ***** **, ** **** context, ***** ******** **** ** **** *****.

Misleading ********* **** ***** ** ****

**** ****** **** **** "********" ******* ******** ******* **** ***** **** security ** ** ******* ****** ******, ***** ** ********** ** **** case. ********* ******* *** ********* ********, ***** ****** **** ******** might ********** ****** **** **** *** ***** **** ****** ** they ******* ******** ***** ****** ** ******, *** ** ****** other ***** **** ******** ******* ********* ** ******* ** ******** user ********. *******, ***** ******* ****** **** ** ****** **** ****** who *** ***** **** *** * *******.

Sony ******* ** ******** ******

****** **'* **** ****'* ***** ******** ********* ******* ** ***** PC's**** **** ********* **** **** ** **** ******* *** **** knowing, *** ********** **** ***** ***** ** *** ********'* *********. In**** ** *** ******** **** ******* *** ****** ****** ** emails *** ***** ******* **** ** **** ********. ** **** ** ***** ********* ****'* ***** ******** ** public **********. ***** **** ** ***** ********* **** ******, ******* were ******** ******* ** ****'* ******** ********.

*** ******** ********** ** ***** *******, *** ****'* ******* ** acknowledge **, **** *** ******* ********* ******** *** ******** ** its *******, *** **** *** *** **** ****** ** **** ********* fully ***** ** ****.  *** **** ****** **** ******* *** not ** **** *********** ** **** ** ******* ****'* ******** ******** pales ** ********** ** *** ***** *** ****** *********.

Manufactures ****** *** ******** ******** ***********

***** ** ****** ******* ** ********** ** ******** ******** ** discovered ********, *********** ** *** ******* ********* ** *** ********, and ** ***** *** *****, ***** *** ****** *******. ********* are *** ****** ** *** *** ******** *******, ** ****** brands ** ****** ********, ** * ********* ******* ** ***** and ********* ******* **** **** ************* **** *** ************. *** **** may ****** ***** ******* ** **** **** *** **** *** manufacturer *** *** ******** ****** **** ** ******** *** ******* available ***** *** **** ********.

Comments (3)

Rodney Thayer

01/25/17 05:37pm

***** ****** ** * *** ****** *** **** *****. *** fact ***** ***'* ******** **** *****'* *** ***'* ********* *** itself (*** ****** ******* **** ****** ** *** *** *** elves ** ******** *** ************.) ******* ******* ** ** **** fail ** ****** ** *** ******** "****'* **** ***** ******** posture". *** **** * **** ******* ** ****** **** ********** than ***** ****** *******. ********, ******** ********* **** **** ********** bad *** *****.

**? ***'* **' ***** *** ***** ** **********-**** ******* ********** Sony *******?

Undisclosed #1

01/26/17 01:35am

*** **** *** ******** ** ****** ******* **** *** **** in **** **** *** *****.

*** **** *** **** ** *** ********** ** *** ****** syntax ***********:/debug/start-telnetd-sshd.cgi, which completes the exploit.

****, ** ** ********* *** *** **** ********* ** *** Consult ** ****** ****, *****.

Undisclosed #1

01/26/17 05:51pm

*******, *** ****** **** ** ***** *** ***** **** ******** from **** ****?

$*$$***************/******

** **,***'***** **, *'* **** ********* **** *** ****** ***, *** actually. *** * ******* ******* *** * ****** ***** ** it **** ** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Marketing

IFSEC 2018 Final Show Report on Jun 20, 2018
IPVM attended the IFSEC show for the first time this year. The Chinese took over the show, centered on Hikvision, flanked by Dahua, Huawei and a...
Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of...
IPVM For PR / Marketing People on Jun 13, 2018
This post helps PR and Marketing people understand and productively work with IPVM (as much as possible given our independent, often critical,...
ReconaSense - The AI / Access Control / Analytics / IoT / Video Company Profile on Jun 12, 2018
One company's ISC West booth stood out for displaying a light-up tower of buzzwords. The company, ReconaSense, pledged to be 'making sense of it...
Dahua's Terrible Cybersecurity, Buys Credibility From PSA And SIA on Jun 04, 2018
Dahua has a terrible cybersecurity track record. But American organizations, like the Security Industry Association (SIA) and the PSA Security...
Ambitious Mobile Access Startup: Openpath on May 24, 2018
This team sold their last startup for hundreds of millions of dollars, now they have started Openpath to become a rare access control small...
Hikvision Source Code Transparency Center Examined on May 14, 2018
Following criticism of Hikvision's Chinese government ownership and Hikvision's IP camera backdoor, the company has responded with a series of...
March Networks Targets Cannabis Market on May 10, 2018
Will the next March Networks customer appreciation event be held a steakhouse or at a Taco Bell at 2 am? Can March sell the types of systems to the...
Integrators Divided On Website Importance to Business (Statistics) on May 04, 2018
Are websites important? Still quite a number of integrators have no websites.  New IPVM statistics show that nearly half of all integrators find a...
Rare Video Surveillance Fundraising - Verkada $15 Million on Apr 19, 2018
Fundraising in video surveillance (and the broader physical security market) has been poor recently. Highlights are few and far in between...

Most Recent Industry Reports

July 2018 IP Networking Course on Jun 22, 2018
  This is the only networking course designed specifically for video surveillance professionals. Register now. Lots of network training exists...
Installation Hardware for Video Surveillance - Indoor Fasteners on Jun 22, 2018
As part of our Installation for Video Surveillance series, in this note, we cover drywall anchors. A key part of installing security hardware is...
Hikvision ColorVu Integrated Visible Light Cameras Examined on Jun 22, 2018
When it comes to low light, infrared light has become the defacto standard in surveillance. But IR is limited to monochrome images, making colors...
'Secure Channel' OSDP Access Control Examined on Jun 21, 2018
Despite claiming to be better than Wiegand, OSDP's initial releases did not address the lack of encryption between reader and controller, leaving...
Most Wanted Improvements In Manufacturer Technical Support (Statistics) on Jun 21, 2018
5 key areas of improvement and 1 clear wanted support feature were voiced by 140+ integrator responses to: What improvement in manufacturer...
GDPR / ICO Complaint Filed Against IFSEC Show Facial Recognition on Jun 20, 2018
IPVM has filed a complaint against IFSEC’s parent company UBM based on our concern that the conference violates core GDPR principles on...
IFSEC 2018 Final Show Report on Jun 20, 2018
IPVM attended the IFSEC show for the first time this year. The Chinese took over the show, centered on Hikvision, flanked by Dahua, Huawei and a...
Mobotix Releases 'Move' Into 21st Century on Jun 20, 2018
For years, Mobotix stood resolutely against, well, every other manufacturer, selling it as a virtue: MOBOTIX equipment is designed with no...
Cybersecurity Startup VDOO Disclosing 10 Manufacturer Vulnerabilities Starting With Axis And Foscam on Jun 20, 2018
Cybersecurity startup VDOO has uncovered significant vulnerabilities in Axis cameras along with many others not yet disclosed. In this report, we...
Axis Guardian - Cloud VMS And Alarm Monitoring - Released on Jun 19, 2018
Axis has struggled to deliver a cloud-based managed service video platform. Video service providers have utilized AVHS for over a decade, and have...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact