Sony, in late November, provided a firmware update for a popular IP-enabled camera line used by enterprises and law enforcement alike that closed off remote administration backdoors. The backdoors could be abused to draft these devices into botnets or allow for manipulation of images and advancement into the network.
The update for the Sony IPELA Engine IP Cameras was made available Nov. 28, more than a month after it was privately disclosed by SEC-Consult researcher Stefan Viehbock.
“An attacker can use cameras to take a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras into a Mirai-like botnet or to just simply spy on you,” SEC-Consult wrote today in its public disclosure. The company said 80 different Sony cameras were backdoored.