Vulnerabilities in InfiRay thermal cameras might allow malevolent hackers to meddle with industrial processes, such as disrupting production or making changes that lead to lower quality products.
InfiRay is a trademark of iRay Technology, a Chinese optical component manufacturer. With products supplied in 89 countries and territories, InfiRay specializes in researching and producing infrared and thermal imaging systems. Researchers from SEC Consult, an Austrian cybersecurity firm, determined that at least one of the vendor’s thermal cameras, the A8Z3, is vulnerable to many potentially catastrophic flaws.
The A8Z3 device, which costs around $3,000 on Alibaba in China, is meant for various industrial uses. According to SEC Consult, the product is vulnerable to five categories of potentially serious flaws. Hardcoded credentials for the camera’s web application are one concern. These accounts can be termed backdoor accounts because they can’t be deactivated, and their passwords can’t be changed. They can provide an attacker access to the camera’s web interface. An attacker can then take advantage of another vulnerability to execute arbitrary code.
The researchers also discovered a buffer overflow in the firmware, and other obsolete software components are known to be vulnerable. They also found a Telnet root shell that is not password secured by default, allowing a local network attacker to run arbitrary commands as root on the camera. According to SEC Consult, no thermal cameras have been discovered on the internet. An attacker with network access to a device, on the other hand, may exploit the weaknesses to do considerable damage.
“The camera is used in industrial environments to check/control temperatures. The test device was located in a factory, where it verified that metal pieces arriving on a conveyor belt were still hot enough for the next process step,” explains Steffen Robertz, an embedded systems security specialist at SEC Consult. “An attacker would be able to report wrong temperatures and thus create inferior products or halt the production,” said Robertz. “The temperature output might also be fed in a control loop. By reporting a lower temperature, the temperature of, for example, a furnace might be increased automatically.”
SEC Consult stated that it did not test any other devices from this vendor, but similar vulnerabilities are likely to impact other products as well, based on historical experience. SEC Consult notified the vendor of its discoveries over a year ago, but the firm has been unresponsive, so it’s unknown whether updates are available. The cybersecurity firm has made certain technical details public, but no proof-of-concept (PoC) exploits have been released.