FLIR cameras have unremovable backdoors

[DoctorWho1975]

Manufacturers hard-on for providing backdoors into their products that they think will stay completely secret while putting them on the internet continues, this time with one of the largest vendors of thermal security cameras. 

 

https://www.bleepingcomputer.com/news/software/researcher-finds-unremovable-backdoor-accounts-in-flir-thermal-security-cameras/#.Wd-eZ2COCbY.twitter

 

Quote

 

Gjoko Krstic, a security researcher with Zero Science Labs, has discovered secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, Inc., one of the largest vendor of such products.

 

According to Krstic, the backdoor accounts "are never exposed to the end-user and cannot be changed through any normal operation of the camera."

 

 

So hurray Internet of Things, you serve us so well!

[Technomancer__]

What can I say...

[GDRRiley]

well FLIR is one of the best makers of thermal cameras so this is an issue that I have a feeling the military may have a talk with them about this. 

[Tech_Dreamer]

damn Russians .. Oh wait.

[Master Disaster]

3 hours ago, huilun02 said:

Backdoors are all the rage these days. Forget RGB we want backdoors instead.

If anyone ever does RGB with a backdoor the world will implode and the fabric of space time will unravel.

 

I wonder if the backdoor username was NSA by any chance?

 

True story, I got expelled from college aged just 17 because I "hacked" into the college network and manage to gain full admin status. When they asked me how I got it I told them I had discovered a backdoor which had the username "Backdoor" with the password "password". They laughed and told me I was lying so I did it in front of them.

 

Turns out the contractor that installed the network for them (RM in this case) had the backdoor implemented into something at a firmware level for their engineers to use if there was ever a problem, the college IT staff had zero idea it existed.

[WereCat]

3 hours ago, huilun02 said:

Backdoors are all the rage these days. Forget RGB we want backdoors instead.

Corsair... New mouse pad with backdoors(RGB too)

[ScratchCat]

We heard you like back doors so we installed a backdoor into your backdoor facing camera so you can watch your backdoor through a backdoor.

 

They will probably claim these were for "testing purposes only" and it were not designed to be released.

[mr moose]

We need a hardware box that provides a private tunnel to a physically separate network, then you can access sadi network from anywhere but no one else can and nothing connected to said network has a way out. 

[jagdtigger]

55 minutes ago, mr moose said:

We need a hardware box that provides a private tunnel to a physically separate network, then you can access sadi network from anywhere but no one else can and nothing connected to said network has a way out. 

Hardware box with a hardware backdoor. The only way to mitigate the risk is to keep the network isolated.

[Trik'Stari]

3 hours ago, Tech_Dreamer said:

damn NSA/CIA/MORONSINCONGRESS.. Oh wait.

Fixed that for you.

[mr moose]

1 hour ago, jagdtigger said:

Hardware box with a hardware backdoor. The only way to mitigate the risk is to keep the network isolated.

Maybe you could get the box made privately and threaten the manufacturer with hell's angels, coffin cheaters and maybe an all expense paid trip to the bottom of the ocean in several boxes if you discover a backdoor.

[dfsdfgfkjsefoiqzemnd]

Have a look at the future :

 

[HarryNyquist]

I didn't think I'd live long enough to desire devices that DIDN'T connect to the internet...

[jagdtigger]

3 hours ago, mr moose said:

Maybe you could get the box made privately and threaten the manufacturer with hell's angels, coffin cheaters and maybe an all expense paid trip to the bottom of the ocean in several boxes if you discover a backdoor.

That wont accomplish anything, they got more worse offer from acronym agencies. Even if you build it yourself the backdoor is already in the hardware. The only real option here is total isolation.

[Bananasplit_00]

this is just hilarius because of how stupid it is. why the heck does a thermal camera need to be coonected to the internet???

[jagdtigger]

36 minutes ago, Bananasplit_00 said:

this is just hilarius because of how stupid it is. why the heck does a thermal camera need to be coonected to the internet???

Those are thermal security cameras, so if you want to record/view their image they need a network connection... Its up to the IT how they solve it but usually these are connected to the same LAN as the computers and what not.

[Bananasplit_00]

4 minutes ago, jagdtigger said:

Those are thermal security cameras, so if you want to record/view their image they need a network connection... Its up to the IT how they solve it but usually these are connected to the same LAN as the computers and what not.

only seen the things they put on phones, assumed that was all they did tbh

[AGrider]

If the backdoor is so hard programmed in, it really is more of a front door isn't it?

[Jito463]

And this, ladies and gentlemen, is why I have absolutely no IoT components.

[The Falcon]

Flir got a $7.9 Million from DARPA and now there is GIANT backdoors in their devices.
Coincidence? I think not!!!!!!!

Source: https://globalbiodefense.com/2013/01/30/flirs-agentase-receives-7-9m-darpa-award/

[Ithanul]

On 10/13/2017 at 4:47 AM, GDRRiley said:

well FLIR is one of the best makers of thermal cameras so this is an issue that I have a feeling the military may have a talk with them about this. 

No kidding.  Glad I saw this article so many thumb ups for the OP for posting it.

 

[mikeybabes]

Such old news, FLIR gave out a patch for this, however, it did take them 3months to sort out.

http://www.flir.com/security/blog/details/?ID=87043

 

And whilst on the subject, Luc may like to know there is only 115 device discoverable to match Flir on the internet, very trivial amount.

https://www.shodan.io/ will list vulnerable devices.

 

Maybe who gave this news needs to do proper research.

 

[Jito463]

6 hours ago, mikeybabes said:

Such old news, FLIR gave out a patch for this, however, it did take them 3months to sort out.

http://www.flir.com/security/blog/details/?ID=87043

Old news?  2 weeks is old news?

 

[DoctorWho1975]

You know you did good when someone from Flir comes to post.