In a blog post published today, Austrian security firm SEC Consult said it found two apparent backdoor accounts in Sony IPELA Engine IP Cameras — devices mainly used by enterprises and authorities. According to SEC Consult, the two previously undocumented user accounts — named “primana” and “debug” — could be used by remote attackers to commandeer the Web server built into these devices, and then to enable “telnet” on them.
“We believe that this backdoor was introduced by Sony developers on purpose (maybe as a way to debug the device during development or factory functional testing) and not an ‘unauthorized third party’ like in other cases (e.g. the Juniper ScreenOS Backdoor, CVE-2015-7755),” SEC Consult wrote.
If you have any Sony IP cameras, you should make sure you do a firmware update to the latest revision. The backdoor accounts are disabled in the latest firmware.
Tell tale signs something is not right.
Sender Email Address
TO: Email address
Subject
Email Body/Content
Date
Attachments
Hyperlinks
Compare Huntress vs Blackpoint MDR for MSPs: coverage, SOC response authority, alert quality, integrations, and…
Choose Huntress or CrowdStrike by operating model, not hype: compare managed EDR, Falcon platform depth,…
Reduce risk without overloading IT: compare SOC monitoring, alert triage, threat hunting, and MDR response…
Compare SOC costs from $60K SOCaaS to $5M+ internal 24x7 teams, with hidden staffing, tooling,…
Protect CUI and win defense contracts with practical NIST 800-171 steps for manufacturers, from scoping…
Secure DoD contracts with CMMC support for manufacturers: map CUI, close NIST 800-171 gaps, monitor…