On 2017-09-25 another CCTV exploit got release by a man which goes by the nickname ‘LiquidWorm’. He found out that FLIR CCTV ’s by the vendor “FLIR Systems” had a hard-coded ssh login credentials within its Linux distribution image, Those credentials are never exposed to the end user and CANNOT be changed through any normal operation of the camera.
What kind of exploit is this?
This exploit is what we know as a “Backdoor” because it grants Randoms access to the camera’s, and even allows them to download code, or do worse.
What are the Affected version?
So far camera models of F/FC/PT/D Software version 10.0.2.43 and Firmware version: 18.104.22.168 release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA and 1.3.2 are affected by the exploit.
What kind of cameras are those? The FLIR cameras are high-performance, multi-sensor pan/tilt cameras which bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks.
Is this exploit fixable by the end user itself?
No, after testing around with a test model, there isn’t any way of removing the hard-coded ssh login credentials, the vendor itself would have to remove the SSH login credentials from the code.
Is this exploit critical?
Yes, these kinds of exploits are unnecessary and not needed, Since Random people can now scan for affected versions and most likely infect them, the rate of IoT botnets will rise again, which is a bad thing.
What to do?
The only thing the affected camera owners can do is wait until the Vendor releases a patch which removes the hard-coded ssh login of the Linux distribution image.
Thank you for reading.
Report written by Frontline Cyber Security Ltd
Newark On Trent
About the author: Frontline Cyber Security Ltd
Company Registration Number 10803746 Newark
Nottinghamshire – United Kingdom
(Security Affairs – FLIR Thermal Camera Exploit, hacking)