Researchers found two hard-coded accounts and passwords in a large range of Sony’s IP-based security cameras. Attackers with access to these cameras’ web interface could use these credentials to take over the camera, even forcing access to a command line (CLI) interface. With botnets like Mirai actively looking for new victims, these sorts of IoT backdoors could but your IP-based cameras at risk. Watch our Daily Security Byte for the highlights, and if you own vulnerable cameras be sure to check out the firmware updates in the Reference section below.
Episode Runtime: 1:42
Direct YouTube Link: https://www.youtube.com/watch?v=zOKrbBnrzPU
EPISODE REFERENCES:
- SEC Consult’s official advisory – SEC Consult
- Secret backdoor in 80 models of Sony’s IP security camera – The Register
- Blog post detailing Sony IPELA cam backdoor – SEC Consult
- Sony’s firmware updates for affected IP security cameras – Sony