
FLIR cameras have unremovable backdoors

Manufacturers' hard-on for providing backdoors into their products that they think will stay completely secret while putting them on the internet continues, this time with one of the largest vendors of thermal security cameras.

 

https://www.bleepingcomputer.com/news/software/researcher-finds-unremovable-backdoor-accounts-in-flir-thermal-security-cameras/#.Wd-eZ2COCbY.twitter

 

Quote

 


Gjoko Krstic, a security researcher with Zero Science Labs, has discovered secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, Inc., one of the largest vendors of such products.

 

According to Krstic, the backdoor accounts "are never exposed to the end-user and cannot be changed through any normal operation of the camera."

 

 

So hurray Internet of Things, you serve us so well!


Backdoors are all the rage these days. Forget RGB we want backdoors instead.

Awareness is key. Never enough, even in the face of futility. Speak the truth as if you may never get to say it again. This world is full of ugly. Change it they say. The only way is to reveal the ugly. To change the truth you must first acknowledge it. Never pretend it isn't there. Never bend the knee.

 

Please quote my post in your reply, so that I will be notified and can respond to it. Thanks.


Well, FLIR is one of the best makers of thermal cameras, so this is an issue that I have a feeling the military may have a talk with them about.


damn Russians .. Oh wait.

Details separate people.

3 hours ago, huilun02 said:

Backdoors are all the rage these days. Forget RGB we want backdoors instead.

If anyone ever does RGB with a backdoor the world will implode and the fabric of space time will unravel.

 

I wonder if the backdoor username was NSA by any chance?

 

True story, I got expelled from college aged just 17 because I "hacked" into the college network and managed to gain full admin status. When they asked me how I got it I told them I had discovered a backdoor which had the username "Backdoor" with the password "password". They laughed and told me I was lying so I did it in front of them.

 

Turns out the contractor that installed the network for them (RM in this case) had the backdoor implemented into something at a firmware level for their engineers to use if there was ever a problem, the college IT staff had zero idea it existed.

3 hours ago, huilun02 said:

Backdoors are all the rage these days. Forget RGB we want backdoors instead.

Corsair... New mouse pad with backdoors(RGB too)


We heard you like back doors so we installed a backdoor into your backdoor facing camera so you can watch your backdoor through a backdoor.

 

They will probably claim these were for "testing purposes only" and were not designed to be released.


We need a hardware box that provides a private tunnel to a physically separate network, then you can access said network from anywhere but no one else can and nothing connected to said network has a way out.

QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

55 minutes ago, mr moose said:

We need a hardware box that provides a private tunnel to a physically separate network, then you can access said network from anywhere but no one else can and nothing connected to said network has a way out.

Hardware box with a hardware backdoor. The only way to mitigate the risk is to keep the network isolated.

3 hours ago, Tech_Dreamer said:

damn NSA/CIA/MORONSINCONGRESS.. Oh wait.

Fixed that for you.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs

1 hour ago, jagdtigger said:

Hardware box with a hardware backdoor. The only way to mitigate the risk is to keep the network isolated.

Maybe you could get the box made privately and threaten the manufacturer with hell's angels, coffin cheaters and maybe an all expense paid trip to the bottom of the ocean in several boxes if you discover a backdoor.

3 hours ago, mr moose said:

Maybe you could get the box made privately and threaten the manufacturer with hell's angels, coffin cheaters and maybe an all expense paid trip to the bottom of the ocean in several boxes if you discover a backdoor.

That won't accomplish anything, they got worse offers from acronym agencies. Even if you build it yourself the backdoor is already in the hardware. The only real option here is total isolation.


this is just hilarious because of how stupid it is. why the heck does a thermal camera need to be connected to the internet???

36 minutes ago, Bananasplit_00 said:

this is just hilarious because of how stupid it is. why the heck does a thermal camera need to be connected to the internet???

Those are thermal security cameras, so if you want to record/view their image they need a network connection... It's up to IT how they solve it but usually these are connected to the same LAN as the computers and what not.

4 minutes ago, jagdtigger said:

Those are thermal security cameras, so if you want to record/view their image they need a network connection... It's up to IT how they solve it but usually these are connected to the same LAN as the computers and what not.

only seen the things they put on phones, assumed that was all they did tbh


If the backdoor is so hard programmed in, it really is more of a front door isn't it?

Let's play connect the dots!

::::::::::

::::::::::

::::::::::

On 10/13/2017 at 4:47 AM, GDRRiley said:

Well, FLIR is one of the best makers of thermal cameras, so this is an issue that I have a feeling the military may have a talk with them about.

No kidding. Glad I saw this article, so many thumbs up for the OP for posting it.

 
