Vulnerability affects over 80 different camera models

Today some associates at Sec Consult found 2 different back doors in SONY IP Cameras. Sony
has responded, but be sure to update your firmware on all your cameras immediately. This is
a severe vulnerability that can lead to takeover of the camera and then access to your network.

“SEC Consult has found a backdoor in Sony IPELA Engine IP Cameras, mainly used professionally by enterprises and authorities. This backdoor allows an attacker to run arbitrary code on the affected IP cameras. An attacker can use cameras to take a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras into a Mirai-like botnet or to just simply spy on you. This vulnerability affects 80 different Sony camera models. Sony was informed by SEC Consult about the vulnerability and has since released updated firmware for the affected models”

sec-consult-logo

Detailed info:

http://blog.sec-consult.com/
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
https://krebsonsecurity.com/2016/12/researchers-find-fresh-fodder-for-iot-attack-cannons/