A security council reported that they have consulted Sony to report the issue they have found and looks like the company already released a new firmware update which patches this vulnerability.
It is really interesting to note that according to the researchers, the company added this backdoor on purpose. “maybe as a way to debug the device during development or factory functional testing,” and they are pretty sure that this backdoor is not the result of an infection.
The researchers have found two vulnerabilities, one affects the web and allows the hacker to connect to the camera with the help of a Telnet service.
The second flaw makes it possible to compromise the root account, which means that an attacker to carries out a successful exploit would gain full control over a camera and can spy on users, disrupt functionality, add the device to a Mirai botnet, or send different photos and videos.
The IP cameras that come with these backdoors are primarily aimed at businesses, and Sony urges everyone to deploy the new firmware updates to remain secure.
“SEC Consult recommends Sony and Sony customers to conduct a thorough security review of the affected products. It is essential to restrict access to IP cameras using VLANs, firewalls etc. Otherwise, the risk of being a botnet victim (e.g. Mirai) is high,” the security report states.
According to the original advisory, a hacker could take advantage of the backdoors using either a local network or a web connection, as long as these cameras can be accessed online.
You can refer to the box below to see the Sony IP cameras that were confirmed to come with a backdoor, and use this link to download the new firmware versions.
Sony has already acknowledged the security vulnerability and said that “we are grateful to SEC Consult for their assistance in enhancing network security for our network cameras.”
Here is the list of the cameras models that are vulnerable:
SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551 SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550 SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL