Security researchers have recently discovered a pair of devastating security flaws in as many as 80 different models of Sony cameras.
The first of these appears to be a debug mode that was inadvertently left in place by Sony engineers. The second, dubbed “Primana,” allows hackers to remotely commandeer the web server built into the cameras and gain complete control over them, disrupting camera functions, disabling them or turning them against their owners.
As Johannes Greil, the head of SEC Consult Vulnerability Lab, pointed out during an interview on the subject, “Those Sony IPELA ENGINE IP camera devices are definitely reachable on the Internet and a potential target for Mirai-like botnets, but of course it depends on the network/firewall configuration.”
Sony has responded to the issue quickly, publishing an advisory on its company website that provides complete details about the vulnerabilities. The company also released a firmware update on November 28 that addresses these issues.
Unfortunately, it gets worse. A separate research team from Cybereason discovered additional zero-day vulnerabilities in cameras running old Linux software. These bugs have been found in no fewer than ten different camera models from ten different vendors, including the popular VStarcam, which is sold on both eBay and Amazon.
What makes this second discovery potentially worse than the Sony vulnerabilities is the fact that these older-model cameras aren’t designed to receive software updates remotely, so there’s no way the manufacturers can push an update to address the flaws. The only way to be sure your older equipment can’t be hacked is to simply replace it with something more secure.
If you currently rely on Sony cameras, your next stop should be the Sony website to see whether the models you’re using were impacted by the security flaw. If so, make certain that you have, in fact, received the latest firmware update.
If you’re using old Linux-based cameras, now is the time to consider replacing them.