It has been reported that there are secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, Inc., one of the largest vendor of such products. Depending on the FLIR camera version, the following username-password combos will grant an attacker access over the device. Cesare Garlati, Chief Security Strategist at the prpl Foundation commented below.
Cesare Garlati, Chief Security Strategist at the prpl Foundation:
“The divulgence of such information is worrying particularly to all those who have acquired a FLIR security camera. A breach of these devices will not only lead to a considerable loss of privacy, but could potentially lead to human life being threatened and confirms the need for IoT security. The vulnerability uncovered is clear evidence for manufacturers to take an open source approach to security and to implement it at the development stage and not after the device has reached the open market.”