Sony Misleading Marketing Hides Cracked Backdoor

Author: Brian Karas, Published on Jan 25, 2017

Sony is attempting to deemphasize the severity of the backdoor uncovered in Ipela cameras.

Meanwhile, IPVM has verified that the root password for the backdoor has been cracked.

Downplaying the severity of the hard-coded backdoor puts both users, and Sony's brand, at risk, as we explain in this report. 

**** ** ********** ** *********** *** ******** ** *** ******** ********* ** ***** *******.

*********, **** *** ******** **** *** **** ******** *** *** backdoor *** **** *******.

*********** *** ******** ** *** ****-***** ******** **** **** *****, and ****'* *****, ** ****, ** ** ******* ** **** report. 

[***************]

Sony's *****

**** ***** ** ******* *** *** ** "******** ******* ********':

***** *********** ****, **** ** **** ********** * ********* ** a ****** ** **** ** "******** *********". ** *** ** off, **** ******** ** ******** ***** **** **** *** ** all ****** *** **** ***** ** ********* ******* ****.

Sony ******* ******* *******

****'* ******-****** ******** *** ******** ********* **** **** ** ******* that ***** **** ***** ******** **** ** ******* ******** ** ******* this *******:

Cracked ******** **** ********

**** *** ******* *** ***** *********, *** *********** ********* *** hashes *** *** **** ******** *** *** *** ****** **** the *********** ******** ***.

* ********* *** *********** ** *********** ******** ******** **** **** the *** *********** ******** **** ******** *** *** * *******, and ** ******** **** ** ******.

** **** ****** ** ******* **** *** **** ******** *** cracked **** ***** ***, *** **** ****** **** ****** **********, as *** ****** ******* *** ********* ** ******* ******. ***** it ** ******* *** **** *** **** *** ******* **** password *** **** *****, ***** ****** ** ** ***** **** it ** *******. 

****: ** *** *** ******* *** ******** **** ******** ***** ** is *** ****** ********* ****** *** ***** **, ** **** context, ***** ******** **** ** **** *****.

Misleading ********* **** ***** ** ****

**** ****** **** **** "********" ******* ******** ******* **** ***** **** security ** ** ******* ****** ******, ***** ** ********** ** **** case. ********* ******* *** ********* ********, ***** ****** **** ******** might ********** ****** **** **** *** ***** **** ****** ** they ******* ******** ***** ****** ** ******, *** ** ****** other ***** **** ******** ******* ********* ** ******* ** ******** user ********. *******, ***** ******* ****** **** ** ****** **** ****** who *** ***** **** *** * *******.

Sony ******* ** ******** ******

****** **'* **** ****'* ***** ******** ********* ******* ** ***** PC's**** **** ********* **** **** ** **** ******* *** **** knowing, *** ********** **** ***** ***** ** *** ********'* *********. In**** ** *** ******** **** ******* *** ****** ****** ** emails *** ***** ******* **** ** **** ********. ** **** ** ***** ********* ****'* ***** ******** ** public **********. ***** **** ** ***** ********* **** ******, ******* were ******** ******* ** ****'* ******** ********.

*** ******** ********** ** ***** *******, *** ****'* ******* ** acknowledge **, **** *** ******* ********* ******** *** ******** ** its *******, *** **** *** *** **** ****** ** **** ********* fully ***** ** ****.  *** **** ****** **** ******* *** not ** **** *********** ** **** ** ******* ****'* ******** ******** pales ** ********** ** *** ***** *** ****** *********.

Manufactures ****** *** ******** ******** ***********

***** ** ****** ******* ** ********** ** ******** ******** ** discovered ********, *********** ** *** ******* ********* ** *** ********, and ** ***** *** *****, ***** *** ****** *******. ********* are *** ****** ** *** *** ******** *******, ** ****** brands ** ****** ********, ** * ********* ******* ** ***** and ********* ******* **** **** ************* **** *** ************. *** **** may ****** ***** ******* ** **** **** *** **** *** manufacturer *** *** ******** ****** **** ** ******** *** ******* available ***** *** **** ********.

Comments (3)

Rodney Thayer

01/25/17 05:37pm

***** ****** ** * *** ****** *** **** *****. *** fact ***** ***'* ******** **** *****'* *** ***'* ********* *** itself (*** ****** ******* **** ****** ** *** *** *** elves ** ******** *** ************.) ******* ******* ** ** **** fail ** ****** ** *** ******** "****'* **** ***** ******** posture". *** **** * **** ******* ** ****** **** ********** than ***** ****** *******. ********, ******** ********* **** **** ********** bad *** *****.

**? ***'* **' ***** *** ***** ** **********-**** ******* ********** Sony *******?

Undisclosed #1

01/26/17 01:35am

*** **** *** ******** ** ****** ******* **** *** **** in **** **** *** *****.

*** **** *** **** ** *** ********** ** *** ****** syntax ***********:/debug/start-telnetd-sshd.cgi, which completes the exploit.

****, ** ** ********* *** *** **** ********* ** *** Consult ** ****** ****, *****.

Undisclosed #1

01/26/17 05:51pm

*******, *** ****** **** ** ***** *** ***** **** ******** from **** ****?

$*$$***************/******

** **,***'***** **, *'* **** ********* **** *** ****** ***, *** actually. *** * ******* ******* *** * ****** ***** ** it **** ** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Marketing

Knightscope Winning Investors, Struggling With Growth on Oct 16, 2018
While Knightscope's new financials show the company only winning 11 new customers in the past 12 months, the company continues to win new...
Huawei Admits AI "Bubble" on Oct 16, 2018
A fascinating article from the Chinese government's Global Times: Huawei’s AI ambition to reshape industries. While the Global Times talks about...
Amazon Touts Home Security Market Disruption on Oct 15, 2018
Amazon is coming for ADT and all of home security. Indeed, Amazon is advertising this as, in their own words, calling home security a: Inside...
ASIS GSX 2018 Mixed Manufacturer Reviews With Declining Overall Attendance on Oct 02, 2018
ASIS GSX 2018 show drew 9% fewer total registrants, however, it gained 15% more paid registrations, according to ASIS. In this note, we look...
The Robolliance is Dead on Oct 01, 2018
The Robolliance has died. Formed 2 years ago to fanfare, the robots-focused marketing machine is no more, having slipped quietly away sometime...
ASIS GSX 2018 Show Report on Sep 25, 2018
In the first major US show since the US government ban of Dahua and Hikvision was passed into law, the mega Chinese companies were in retreat and...
Dell Launches IoT for Surveillance on Sep 05, 2018
Historically, Dell has been a PC and server provider (e.g., "Dude, you're getting a Dell") and widely used for surveillance storage. However, in...
Hikvision FIPS 140-2 Cybersecurity Certification Examined on Aug 27, 2018
A week after the US government passed a law banning Hikvision, Hikvision announced it had obtained a FIPS 140-2 certification from the US...
$25 Million US COPS SVPP School Security Funding Examined on Jul 24, 2018
The US Congress has authorized the School Violence Prevention Program (SVPP) to fund various security measures and training to mitigate active...
Fail: Dahua "Didn't Check The Lux Levels but It Was Dark" on Jul 20, 2018
Dahua UK has been promoting their camera quality on LinkedIn: I, and others, asked what the lux level of the scene was. (background: Lux Rating...

Most Recent Industry Reports

Startup SafePass Profile on Oct 19, 2018
A major problem with visitor management is that the systems mostly require adhesive printed paper labels and paper logs, creating waste and an...
China Is Not A Security Megatrend, Says SIA on Oct 19, 2018
The US Security Industry Association has released its 10 "Security Megatrends" for 2019. SIA declares that these megatrends, such as "Advanced...
Hanwha Dual Imager Dome Camera Tested (PNM-7000VD) on Oct 18, 2018
Hanwha has introduced their first dual-imager model, the PNM-7000VD, a twin 1080p model featuring independently positionable sensors and a snap-in...
Camera Height / Blind Spot Added to IPVM Camera Calculator on Oct 18, 2018
IPVM has added camera height and blind spot estimation to the Camera Calculator. This is especially helpful for those who need to mount cameras up...
Axis Strong US Growth, Flat EMEA - Q3 2018 Financials on Oct 18, 2018
This spring, Axis had its best financials in many years (see Axis Strong Q2 2018 Results). However, over the summer, Axis had many products sold...
Best Alternatives to Banned Dahua and Hikvision on Oct 17, 2018
With the US government ban and a growing number of users banning Dahua and Hikvision, one key question is what to use for low cost? While Dahua and...
Video Quality / Compression Tutorial on Oct 17, 2018
While CODECs, like H.264, H.265, and MJPEG, get a lot of attention, a camera's 'quality' or compression setting has a big impact on overall...
Knightscope Winning Investors, Struggling With Growth on Oct 16, 2018
While Knightscope's new financials show the company only winning 11 new customers in the past 12 months, the company continues to win new...
Integrator Laptop Guide on Oct 16, 2018
This 18-page guide provides guidance and statistics about integrator laptop use. 150 integrators explained to IPVM in detail about their laptops,...
Huawei Admits AI "Bubble" on Oct 16, 2018
A fascinating article from the Chinese government's Global Times: Huawei’s AI ambition to reshape industries. While the Global Times talks about...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact