Backdoor accounts found in FLIR thermal security cameras

12.10.2017


Gjoko Krstic, a cybersecurity specialist at Zero Science Labs, has discovered secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, one of the largest vendors of such products.

According to Krstic, the backdoor accounts "are never exposed to the end-user and cannot be changed through any normal operation of the camera."

Multiple product series affected

The hard-coded credentials affect the following FLIR thermal camera series:

FC-Series S (FC-334-NTSC)

FC-Series ID

FC-Series R

PT-Series (PT-334 200562)

D-Series

F-Series

 


Depending on the version of the FLIR camera, an attacker can gain access to the device through different username-password combinations:

root:indigo

root:video

default:video

default:[blank]

ftp:video

In addition to secret backdoor accounts, Krstic has also discovered four vulnerabilities.

No response from FLIR

The expert reported the flaws to FLIR via Beyond Security's managed disclosure program, but neither he nor Beyond Security received a response from FLIR.

FLIR is a very popular brand for security cameras. The company's thermal cameras are standard IP-based security cameras with the extra feature of being able to function in thermal mode during the night.
