Sony Misleading Marketing Hides Cracked Backdoor

By: Brian Karas, Published on Jan 25, 2017

Sony is attempting to deemphasize the severity of the backdoor uncovered in Ipela cameras.

Meanwhile, IPVM has verified that the root password for the backdoor has been cracked.

Downplaying the severity of the hard-coded backdoor puts both users, and Sony's brand, at risk, as we explain in this report. 

Sony's *****

**** ***** ** ******* the *** ** "******** network ********':

***** *********** ****, **** is **** ********** * pacemaker ** * ****** to **** ** "******** heartbeat". ** *** ** off, **** ******** ** abstract ***** **** **** not ** *** ****** the **** ***** ** unpatched ******* ****.

Sony ******* ******* *******

****'* ******-****** ******** *** firmware ********* **** **** to ******* **** ***** with ***** ******** **** to upgrade ******** ** ******* this *******:

Cracked ******** **** ********

**** *** ******* *** first *********, *** *********** published *** ****** *** the **** ******** *** did *** ****** **** the *********** ******** ***.

* ********* *** *********** in *********** ******** ******** IPVM **** *** *** unencrypted ******** **** ******** for *** * *******, and ** ******** **** it ******.

** **** ****** ** believe **** *** **** password *** ******* **** years ***, *** **** secret **** ****** **********, as *** ****** ******* was ********* ** ******* boards. ***** ** ** unclear *** **** *** wide *** ******* **** password *** **** *****, there ****** ** ** doubt **** ** ** cracked. 

****: ** *** *** sharing *** ******** **** password ***** ** ** *** easily ********* ****** *** doing **, ** **** context, ***** ******** **** to **** *****.

Misleading ********* **** ***** ** ****

**** ****** **** **** "improved" ******* ******** ******* they ***** **** ******** ** ** already ****** ******, ***** is ********** ** **** case. ********* ******* *** extremely ********, ***** ****** this ******** ***** ********** assume **** **** *** avoid **** ****** ** they ******* ******** ***** system ** ******, *** to ****** ***** ***** like ******** ******* ********* or ******* ** ******** user ********. *******, ***** ******* remain **** ** ****** from ****** *** *** reach **** *** * network.

Sony ******* ** ******** ******

****** **'* **** ****'* music ******** ********* ******* on ***** **'***** **** ********* **** back ** **** ******* the **** *******, *** interfered **** ***** ***** of *** ********'* *********. In**** ** *** ******** that ******* *** ****** access ** ****** *** other ******* **** ** Sony ********. ** **** ** these ********* ****'* ***** suffered ** ****** **********. While **** ** ***** incidents **** ******, ******* were ******** ******* ** Sony's ******** ********.

*** ******** ********** ** Ipela *******, *** ****'* failure ** *********** **, show *** ******* ********* weakened *** ******** ** its *******, *** **** has *** **** ****** to make ********* ***** ***** of ****.  *** **** reason **** ******* *** not ** **** *********** to **** ** ******* ****'* Security ******** ***** ** comparison ** *** ***** and ****** *********.

Manufactures ****** *** ******** ******** ***********

***** ** ****** ******* to ********** ** ******** severity ** ********** ********, information ** *** ******* available ** *** ********, and ** ***** *** shown, ***** *** ****** quickly. ********* *** *** likely ** *** *** existing *******, ** ****** brands ** ****** ********, if * ********* ******* is ***** *** ********* quickly **** **** ************* from *** ************. *** **** may ****** ***** ******* if **** **** *** that *** ************ *** not ******** ****** **** of ******** *** ******* available ***** *** **** exploits.

Comments (3)

Undisclosed

01/25/17 05:37pm

There should be a CVE number for this issue.  The fact there isn't suggests Sony doesn't get CVE's allocated for itself (and nobody shouted loud enough to get the CVE elves to allocate one unilaterally.)  Classic example of an epic fail in answer to the question "what's your cyber security posture".  The fact a flaw existed is almost less disturbing than their denial process.  Although, backdoor passwords have been considered bad for years.

 

So?  How's it' going out there in integrator-land selling vulnerable Sony cameras?

Undisclosed #1

IPVMU Certified | 01/26/17 01:35am

The Gen6 DES password is easily cracked from the hash in less than two hours.

The real gem here is the revelation of the script syntax surrounding: /debug/start-telnetd-sshd.cgi, which completes the exploit.

This, to my knowledge has not been published by SEC Consult or anyone else, AFAIK.

Undisclosed #1

IPVMU Certified | 01/26/17 05:51pm

Curious, was anyone able to crack the Ipela Gen5 password from this hash?

$1$$mhF8LHkOmSgbD88/WrM790

If so, don't post it, I'm just wondering what the length etc, was actually.  Had a process running for a couple weeks on it with no results.

Read this IPVM report for free.

This article is part of IPVM's 6,534 reports, 880 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Anixter Runs Fake Coronavirus Marketing Using Shutterstock Watermarked Images on Jul 24, 2020
Coronavirus faked marketing is regrettably commonplace right now but Anixter...
Forced Door Alarms For Access Control Tutorial on Aug 17, 2020
One of the most important access control alarms is also often ignored....
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Faked Convergint Fever Camera 'Expert' Marketing on Jun 16, 2020
Convergint touts they are "THERMAL CAMERA SOLUTION EXPERTS" while faking...
Temperature Screening From The Protection Bureau and ZKTeco Violate IEC Standards and FDA Correct Operation on Jun 22, 2020
ZKTeco and integrator The Protection Bureau are marketing an installation...
Clinton Public View Monitor (PVM) Mask Detection Tested on Jul 09, 2020
Face mask detection, or more specifically not wearing one, is expanding...
Avigilon Social Distancing Analytics Tested on Aug 26, 2020
Avigilon released its social distancing analytics in response to the...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Fever Cameras Are Medical Devices, Per The FDA, Dahua, Feevr, Hikvision, InVid Contrary Claims Are False on May 28, 2020
Fever cameras are medical devices, despite what euphemisms various sellers...
Don't Be Fooled By Hot Water Bottle Fever Camera Demos on Aug 24, 2020
Fever camera salesmen like to fool buyers (and themselves) with hot water...
China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed...
Sunell Panda Cam Body Temperature Measurement Camera Tested on May 14, 2020
Sunell is far less well known than its gargantuan domestic competitors Dahua...
Hikvision Hides Xinjiang R&D Activities on Apr 22, 2020
Hikvision has systematically deleted evidence showing their R&D base and...

Recent Reports

OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...
China Bems Temperature Measurement Terminal Tested on Sep 22, 2020
Guangzhou Bems (brand Benshi) is the manufacturer behind temperature...
Axis Exports To China Police Criticized By Amnesty International on Sep 21, 2020
Axis Communications and other EU surveillance providers are under fire from...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...