Sony Misleading Marketing Hides Cracked Backdoor

By: Brian Karas, Published on Jan 25, 2017

Sony is attempting to deemphasize the severity of the backdoor uncovered in Ipela cameras.

Meanwhile, IPVM has verified that the root password for the backdoor has been cracked.

Downplaying the severity of the hard-coded backdoor puts both users, and Sony's brand, at risk, as we explain in this report. 

**** ** ********** ** *********** *** severity ** *** ******** ********* ** ***** cameras.

*********, **** *** ******** that *** **** ******** for *** ******** *** been *******.

*********** *** ******** ** the ****-***** ******** **** both *****, *** ****'* brand, ** ****, ** we ******* ** **** report. 

[***************]

Sony's *****

**** ***** ** ******* the *** ** "******** network ********':

***** *********** ****, **** is **** ********** * pacemaker ** * ****** to **** ** "******** heartbeat". ** *** ** off, **** ******** ** abstract ***** **** **** not ** *** ****** the **** ***** ** unpatched ******* ****.

Sony ******* ******* *******

****'* ******-****** ******** *** firmware ********* **** **** to ******* **** ***** with ***** ******** **** to upgrade ******** ** ******* this *******:

Cracked ******** **** ********

**** *** ******* *** first *********, *** *********** published *** ****** *** the **** ******** *** did *** ****** **** the *********** ******** ***.

* ********* *** *********** in *********** ******** ******** IPVM **** *** *** unencrypted ******** **** ******** for *** * *******, and ** ******** **** it ******.

** **** ****** ** believe **** *** **** password *** ******* **** years ***, *** **** secret **** ****** **********, as *** ****** ******* was ********* ** ******* boards. ***** ** ** unclear *** **** *** wide *** ******* **** password *** **** *****, there ****** ** ** doubt **** ** ** cracked. 

****: ** *** *** sharing *** ******** **** password ***** ** ** *** easily ********* ****** *** doing **, ** **** context, ***** ******** **** to **** *****.

Misleading ********* **** ***** ** ****

**** ****** **** **** "improved" ******* ******** ******* they ***** **** ******** ** ** already ****** ******, ***** is ********** ** **** case. ********* ******* *** extremely ********, ***** ****** this ******** ***** ********** assume **** **** *** avoid **** ****** ** they ******* ******** ***** system ** ******, *** to ****** ***** ***** like ******** ******* ********* or ******* ** ******** user ********. *******, ***** ******* remain **** ** ****** from ****** *** *** reach **** *** * network.

Sony ******* ** ******** ******

****** **'* **** ****'* music ******** ********* ******* on ***** **'***** **** ********* **** back ** **** ******* the **** *******, *** interfered **** ***** ***** of *** ********'* *********. In**** ** *** ******** that ******* *** ****** access ** ****** *** other ******* **** ** Sony ********. ** **** ** these ********* ****'* ***** suffered ** ****** **********. While **** ** ***** incidents **** ******, ******* were ******** ******* ** Sony's ******** ********.

*** ******** ********** ** Ipela *******, *** ****'* failure ** *********** **, show *** ******* ********* weakened *** ******** ** its *******, *** **** has *** **** ****** to make ********* ***** ***** of ****.  *** **** reason **** ******* *** not ** **** *********** to **** ** ******* ****'* Security ******** ***** ** comparison ** *** ***** and ****** *********.

Manufactures ****** *** ******** ******** ***********

***** ** ****** ******* to ********** ** ******** severity ** ********** ********, information ** *** ******* available ** *** ********, and ** ***** *** shown, ***** *** ****** quickly. ********* *** *** likely ** *** *** existing *******, ** ****** brands ** ****** ********, if * ********* ******* is ***** *** ********* quickly **** **** ************* from *** ************. *** **** may ****** ***** ******* if **** **** *** that *** ************ *** not ******** ****** **** of ******** *** ******* available ***** *** **** exploits.

Comments (3)

There should be a CVE number for this issue.  The fact there isn't suggests Sony doesn't get CVE's allocated for itself (and nobody shouted loud enough to get the CVE elves to allocate one unilaterally.)  Classic example of an epic fail in answer to the question "what's your cyber security posture".  The fact a flaw existed is almost less disturbing than their denial process.  Although, backdoor passwords have been considered bad for years.

 

So?  How's it' going out there in integrator-land selling vulnerable Sony cameras?

The Gen6 DES password is easily cracked from the hash in less than two hours.

The real gem here is the revelation of the script syntax surrounding: /debug/start-telnetd-sshd.cgi, which completes the exploit.

This, to my knowledge has not been published by SEC Consult or anyone else, AFAIK.

Curious, was anyone able to crack the Ipela Gen5 password from this hash?

$1$$mhF8LHkOmSgbD88/WrM790

If so, don't post it, I'm just wondering what the length etc, was actually.  Had a process running for a couple weeks on it with no results.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Verint Victimized By Ransomware on Apr 18, 2019
Verint, which is best known in the physical security industry for video surveillance but has built a sizeable cybersecurity business as well, was...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
Dahua OEM Directory on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Mobotix First CNPP CCTV Cybersecurity Certification Examined on Sep 05, 2019
Mobotix recently became the first video surveillance manufacturer to receive the CNPP cybsersecurity certification for its cameras, in which they...
ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...

Most Recent Industry Reports

Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be redrawn. What does this mean? VMS Historically...
Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
AI/Smart Camera Tutorial on Feb 20, 2020
Cameras with video analytics, sometimes called 'Smart' camera or 'AI' cameras, etc. are one of the most promising growth areas of video...
China Manufacturer Suffers Coronavirus Scare on Feb 20, 2020
Uniview suffered a significant health scare last week after one of its employees reported a fever and initially tested positive for coronavirus....
Cheap Camera Problems at Night on Feb 19, 2020
Cheap cameras generally have problems at night, despite the common perception that integrated IR makes cameras mostly the same, according to new...
Milestone Launches Multiple Cloud Solutions on Feb 18, 2020
Milestone is going to the cloud, becoming one of the last prominent VMSes to do so. Milestone is clearly late but how competitive do these new...
Video Surveillance Architecture 101 on Feb 18, 2020
Video surveillance can be designed and deployed in a number of ways. This 101 examines the most common options and architectures used in...
UK Stands Behind Hikvision But Controversy Continues on Feb 18, 2020
Hikvision is exhibiting at a UK government conference for law enforcement, provoking controversy from the press, politicians, and activists due to...
IronYun AI Analytics Tested on Feb 17, 2020
Taiwan startup IronYun has raised tens of millions for its "mission to be the leading Artificial Intelligence, big data video software as a service...