Sony Misleading Marketing Hides Cracked Backdoor

Author: Brian Karas, Published on Jan 25, 2017

Sony is attempting to deemphasize the severity of the backdoor uncovered in Ipela cameras.

Meanwhile, IPVM has verified that the root password for the backdoor has been cracked.

Downplaying the severity of the hard-coded backdoor puts both users, and Sony's brand, at risk, as we explain in this report. 

**** ** ********** ** *********** *** ******** ** *** ******** ********* ** ***** *******.

*********, **** *** ******** **** *** **** ******** *** *** backdoor *** **** *******.

*********** *** ******** ** *** ****-***** ******** **** **** *****, and ****'* *****, ** ****, ** ** ******* ** **** report. 

[***************]

Sony's *****

**** ***** ** ******* *** *** ** "******** ******* ********':

***** *********** ****, **** ** **** ********** * ********* ** a ****** ** **** ** "******** *********". ** *** ** off, **** ******** ** ******** ***** **** **** *** ** all ****** *** **** ***** ** ********* ******* ****.

Sony ******* ******* *******

****'* ******-****** ******** *** ******** ********* **** **** ** ******* that ***** **** ***** ******** **** ** ******* ******** ** ******* this *******:

Cracked ******** **** ********

**** *** ******* *** ***** *********, *** *********** ********* *** hashes *** *** **** ******** *** *** *** ****** **** the *********** ******** ***.

* ********* *** *********** ** *********** ******** ******** **** **** the *** *********** ******** **** ******** *** *** * *******, and ** ******** **** ** ******.

** **** ****** ** ******* **** *** **** ******** *** cracked **** ***** ***, *** **** ****** **** ****** **********, as *** ****** ******* *** ********* ** ******* ******. ***** it ** ******* *** **** *** **** *** ******* **** password *** **** *****, ***** ****** ** ** ***** **** it ** *******. 

****: ** *** *** ******* *** ******** **** ******** ***** ** is *** ****** ********* ****** *** ***** **, ** **** context, ***** ******** **** ** **** *****.

Misleading ********* **** ***** ** ****

**** ****** **** **** "********" ******* ******** ******* **** ***** **** security ** ** ******* ****** ******, ***** ** ********** ** **** case. ********* ******* *** ********* ********, ***** ****** **** ******** might ********** ****** **** **** *** ***** **** ****** ** they ******* ******** ***** ****** ** ******, *** ** ****** other ***** **** ******** ******* ********* ** ******* ** ******** user ********. *******, ***** ******* ****** **** ** ****** **** ****** who *** ***** **** *** * *******.

Sony ******* ** ******** ******

****** **'* **** ****'* ***** ******** ********* ******* ** ***** PC's**** **** ********* **** **** ** **** ******* *** **** knowing, *** ********** **** ***** ***** ** *** ********'* *********. In**** ** *** ******** **** ******* *** ****** ****** ** emails *** ***** ******* **** ** **** ********. ** **** ** ***** ********* ****'* ***** ******** ** public **********. ***** **** ** ***** ********* **** ******, ******* were ******** ******* ** ****'* ******** ********.

*** ******** ********** ** ***** *******, *** ****'* ******* ** acknowledge **, **** *** ******* ********* ******** *** ******** ** its *******, *** **** *** *** **** ****** ** **** ********* fully ***** ** ****.  *** **** ****** **** ******* *** not ** **** *********** ** **** ** ******* ****'* ******** ******** pales ** ********** ** *** ***** *** ****** *********.

Manufactures ****** *** ******** ******** ***********

***** ** ****** ******* ** ********** ** ******** ******** ** discovered ********, *********** ** *** ******* ********* ** *** ********, and ** ***** *** *****, ***** *** ****** *******. ********* are *** ****** ** *** *** ******** *******, ** ****** brands ** ****** ********, ** * ********* ******* ** ***** and ********* ******* **** **** ************* **** *** ************. *** **** may ****** ***** ******* ** **** **** *** **** *** manufacturer *** *** ******** ****** **** ** ******** *** ******* available ***** *** **** ********.

Comments (3)

Rodney Thayer

01/25/17 05:37pm

***** ****** ** * *** ****** *** **** *****. *** fact ***** ***'* ******** **** *****'* *** ***'* ********* *** itself (*** ****** ******* **** ****** ** *** *** *** elves ** ******** *** ************.) ******* ******* ** ** **** fail ** ****** ** *** ******** "****'* **** ***** ******** posture". *** **** * **** ******* ** ****** **** ********** than ***** ****** *******. ********, ******** ********* **** **** ********** bad *** *****.

**? ***'* **' ***** *** ***** ** **********-**** ******* ********** Sony *******?

Undisclosed #1

01/26/17 01:35am

*** **** *** ******** ** ****** ******* **** *** **** in **** **** *** *****.

*** **** *** **** ** *** ********** ** *** ****** syntax ***********:/debug/start-telnetd-sshd.cgi, which completes the exploit.

****, ** ** ********* *** *** **** ********* ** *** Consult ** ****** ****, *****.

Undisclosed #1

01/26/17 05:51pm

*******, *** ****** **** ** ***** *** ***** **** ******** from **** ****?

$*$$***************/******

** **,***'***** **, *'* **** ********* **** *** ****** ***, *** actually. *** * ******* ******* *** * ****** ***** ** it **** ** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Marketing

Vivotek Acquisition Offer From Delta on Aug 10, 2017
One of the largest remaining independent video surveillance manufacturers has received an offer to become majority owned by Delta Group, a Taiwan...
Competing Against ADT on Jul 20, 2017
ADT is one of the biggest players in the security industry, with ~$4 billion revenue. In 2017, they were acquired / merged with Protection...
Hikvision USA Head of Cybersecurity Exits on Jul 18, 2017
Hikvision USA's Head of Cybersecurity has exited the company. In this note, we review the move, share Hikvision's feedback and examine the...
Top 5 Improvements For Manufacturer Sales People on Jun 28, 2017
Manufacturer sales people are very important to integrators, but it takes more than just punching a clock to be successful and truly valuable to...
No Personal Opinions About Work on Jun 26, 2017
One rising trend is the tendency for people to disclaim their statements on work related topics as their own 'opinions' or 'personal...
Hikvision: IPVM Is "Destined To Fail" on Jun 14, 2017
Hikvision has accused IPVM of 'cyberbullying' them, declaring IPVM 'destined to fail.' This is the 3rd anti-IPVM Hikvision post in 2 weeks,...
NLSS / ATV Partnership Examined on Jun 13, 2017
NLSS has been one of the most ambitious security / surveillance startups. After selling his last startup, Sypixx, to Cisco, Pete...
ShotSpotter IPOs, Facing Low Revenue and Losses on Jun 09, 2017
A rare event for North American security manufacturers has happened. ShotSpotter has IPOed on the NASDAQ, raising $30.8 million. US IPOs,...
Avigilon New COO James Henderson Profile on May 23, 2017
It has been nearly 2 years since the infamous Bryan Schmode 'resigned' as Avigilon COO. Now, Avigilon once again has a COO, promoting James...
Hikvision Marketer Caught Spamming, Fails at Coverup, Fired on May 23, 2017
A Hikvision marketing employee was caught by IPCamTalk trying to surreptitiously disparage IPVM and IPCamTalk. This is an outgrowth of Hikvision's...

Most Recent Industry Reports

FLIR Restructures Security Division on Aug 22, 2017
FLIR's goal was once to have a single end-to-end security solution. However, FLIR's Security business unit has been struggling, with several areas...
Honeywell Total Connect 2.0 Tested on Aug 22, 2017
Honeywell is one of the biggest brands in security, with Total Connect 2.0 being the company's remote security and smarthome platform. We bought...
IP Camera Cabling Testing Statistics on Aug 22, 2017
Test and certify, or crimp and pray? Some integrators certify every cable they run, while others only inspect cables that have video issues. 130...
Dahua 4K IR PTZ Tested on Aug 21, 2017
4K has made its way to IR PTZs. In this report, we examine the Dahua 6AE830VNI, a 4K PTZ with 30x optical zoom, 200m (~650') integrated IR, and...
Top Used License Plate Capture Cameras on Aug 21, 2017
Capturing license plates is a common video surveillance application. But what cameras do integrators mostly commonly used? Special purpose LPC...
VLAN For Video Surveillance Usage Statistics on Aug 21, 2017
VLANs (see our tutorial) are an option for networks using video surveillance, but how often are they actually used? 125+ integrators told us how...
Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact