On September 25, 2017, a man which goes by the nickname ‘LiquidWorm’ has released the exploit code for FLIR Thermal Cameras.
On 2017-09-25 another CCTV exploit got release by a man which goes by the nickname ‘LiquidWorm’. He found out that FLIR CCTV ’s by the vendor “FLIR Systems” had a hard-coded ssh login credentials within its Linux distribution image, Those credentials are never exposed to the end user and CANNOT be changed through any normal operation of the camera.
What kind of exploit is this?
This exploit is what we know as a “Backdoor” because it grants Randoms access to the camera’s, and even allows them to download code, or do worse.
What are the Affected version?
So far camera models of F/FC/PT/D Software version 10.0.2.43 and Firmware version: 126.96.36.199 release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA and 1.3.2 are affected by the exploit.
What kind of cameras are those? The FLIR cameras are high-performance, multi-sensor pan/tilt cameras which bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks.
Is this exploit fixable by the end user itself?
No, after testing around with a test model, there isn’t any way of removing the hard-coded ssh login credentials, the vendor itself would have to remove the SSH login credentials from the code.
Is this exploit critical?
Yes, these kinds of exploits are unnecessary and not needed, Since Random people can now scan for affected versions and most likely infect them, the rate of IoT botnets will rise again, which is a bad thing.
What to do?
The only thing the affected camera owners can do is wait until the Vendor releases a patch which removes the hard-coded ssh login of the Linux distribution image.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.