Backdoor accounts found in FLIR thermal security cameras

12.10.2017

FLIR-thermal-security-cameras-backdoor

 

Gjoko Krstic, a cybersecurity specialist at Zero Science Labs, has discovered secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, one of the largest vendors of such products.

According to Krstic, the backdoor accounts "are never exposed to the end-user and cannot be changed through any normal operation of the camera."

Multiple product series affected

The hard-coded credentials affect the following FLIR thermal camera series:

FC-Series S (FC-334-NTSC)

FC-Series ID

FC-Series R

PT-Series (PT-334 200562)

D-Series

F-Series

 

FLIR-thermal-security-cameras-backdoor

 

Depending on the version of the FLIR camera, the hacker gets access to the device through different username-password combinations.

root:indigo

root:video

default:video

default:[blank]

ftp:video

In addition to secret backdoor accounts, Krstic has also discovered four vulnerabilities.

No response from FLIR

The expert has reported the flaws to FLIR via the Beyond Security's managed disclosure program, but neither he or Beyond Security received a response from FLIR.

FLIR is a very popular brand for security cameras. The company's thermal cameras are standard IP-based security cameras with the extra feature of being able to function in thermal mode during the night.

Would you like to comment on this article?

Share

Latest news

15.12.2017

Hacker removed malware from Netgear site, the company failed to do so for 2 years

An anonymous hacker has removed malware from a Netgear site after the company failed to clean up a malware infection for more than two years.

15.12.2017

Hacker robbed church in Northern Ireland

The hacker told the priest that the church computer should be remotely accessible to fix an internet problem.

15.12.2017

Synaptics to remove keylogger from its drivers

The company has decided to remove the keylogger functionality from its products.

Sign up for our online newsletter!