Security experts have identified that a large number of Sony IP cameras host a backdoor which can be used by hackers to exploit the devices.
Backdoor Revealed in the Sony IP Cameras
The security researchers from the SEC Consult company have discovered a security backdoor in 80 Sony IP cameras that are used by both individual users and companies.
According to their research it is possible that the company has placed the flaw on purpose for debugging or testing purposes. The backdoors are related to two different vulnerabilities that affect the products.
- The first weakness is related to the web interface. It allows attackers to connect directly to the Sony IP camera via the telnet service which is installed on the firmware. Attackers can easily enable the remote administration service
- The second vulnerability is related to the posibility of compromising the root account of the device. This allows the hackers to gain full control of the device and recruit it to a botnet like Mirai or use it to carry out criminal surveillance.
The hack is possible by sending out HTTP requests which enable the Telnet service on TCP port 23. The researchers have uncovered default passwords that allow criminals to access the cameras. The OS-level backdoor allows the criminals to login through the remote administration service (Via Telnet or SSH) and access a running Linux shell with root privileges. In addition this also likely allows hackers with physical access to the device to login via the serial port as well.
The following models are known to be vulnerable however other Sony IP cameras might also be exploitable:
SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120,
SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520,
SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585,
SNC-ER585H, SNC-ZP550, SNC-ZR550SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C
SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630,
SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC,
SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B,
SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635,
SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R,
SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600,
SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631,
SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L,
SNC-WR602CL
Sony has released updated firmware versions that amend the security issues. For more information you can read SEC Consult’s disclosure.