Security bugs in InfiRay thermal cameras could enable hackers to tamper with industrial processes, for example by halting production or making changes that lead to lower-quality products.
InfiRay is a product of China-based iRay Technology, a company that designs optical components. With products shipped to 89 nations and territories, InfiRay specializes in researching and designing infrared and thermal imaging devices.
Analysts from SEC Consult, an Austrian cybersecurity company, discovered that at least one of the vendor’s thermal cameras, the A8Z3, is susceptible to many potentially catastrophic vulnerabilities. The A8Z3 device, sold on the Chinese marketplace Alibaba for approximately $3,000, is meant for a wide range of IoT applications.
According to the analysts, the camera is affected by five categories of potentially critical bugs. One is hardcoded credentials for the camera's web application: because these accounts cannot be disabled and their passwords cannot be changed, they amount to backdoor accounts that give an attacker access to the camera's web interface. From there, a malicious actor can exploit a second flaw to execute arbitrary code.
Additionally, the researchers spotted a buffer overflow in the firmware and several outdated software components with known bugs. They also identified a Telnet root shell that is not password-protected by default, allowing an attacker on the local network to execute arbitrary commands as root on the camera.
According to SEC Consult, none of these thermal cameras has been exposed on the internet. However, an attacker who gains unauthorized access to a device could exploit the vulnerabilities to cause considerable damage.
“The camera is used in industrial environments to check/control temperatures. The test device was located in a factory, where it verified that metal pieces arriving on a conveyor belt were still hot enough for the next process step,” stated Steffen Robertz, an embedded systems security analyst at SEC Consult.
“An attacker would be able to report wrong temperatures and thus create inferior products or halt the production. The temperature output might also be fed into a control loop. By reporting a lower temperature, the temperature of, for example, a furnace might be increased automatically.”
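The control-loop risk Robertz describes can be made concrete with a small simulation. The following Python is an added example, not code from SEC Consult, InfiRay or the factory in question: a toy furnace model and proportional controller (every gain, threshold and reading is constructed) fed once by an honest camera and once by a camera that under-reports. A plausibility guard, the mitigation a plant owner would want in front of any network sensor, rate-limits the reading and cross-checks it against an independent local sensor before the controller is allowed to trust it, and records an alarm when either check fails.

```python
"""Added example (not SEC Consult's or InfiRay's code): a toy furnace control
loop fed by a network thermal camera, showing why an under-reporting camera
drives the furnace hotter and how a plausibility guard contains the problem.
Every constant, gain and reading below is constructed for illustration."""

from dataclasses import dataclass, field
from typing import Callable, List, Optional

SETPOINT_C = 800.0            # target furnace temperature
BASE_POWER = 0.78             # heater duty that holds the toy plant at 800 C
KP = 0.01                     # proportional gain: duty per degree of error
GAIN_C_PER_DUTY = 20.0        # degrees gained per step at full duty
LOSS_PER_STEP = 0.02          # fraction of the excess over ambient lost per step
AMBIENT_C = 20.0
MAX_STEP_C = 15.0             # largest credible change between two camera samples
MAX_DIVERGENCE_C = 20.0       # largest tolerated gap between camera and local sensor


@dataclass
class Furnace:
    """Constructed plant model: heats with duty, cools toward ambient."""
    temp_c: float = SETPOINT_C

    def step(self, duty: float) -> float:
        duty = min(max(duty, 0.0), 1.0)  # heater saturates at 0..100 %
        self.temp_c += GAIN_C_PER_DUTY * duty - LOSS_PER_STEP * (self.temp_c - AMBIENT_C)
        return self.temp_c


def controller_duty(measured_c: float) -> float:
    """Proportional controller: a lower reading means more heat."""
    return BASE_POWER + KP * (SETPOINT_C - measured_c)


@dataclass
class SensorGuard:
    """Plausibility checks applied before the camera reading is trusted.

    The reading may not jump faster than the process physically can (catches
    an abrupt spoof), and it may not diverge from an independent local sensor
    (catches a slow drift that stays under the rate limit). On failure the loop
    falls back to the local sensor and an alarm is recorded for the operators."""
    last_good_c: Optional[float] = None
    alarms: List[str] = field(default_factory=list)

    def validate(self, step: int, camera_c: float, reference_c: float) -> float:
        reasons = []
        if self.last_good_c is not None and abs(camera_c - self.last_good_c) > MAX_STEP_C:
            reasons.append("rate")
        if abs(camera_c - reference_c) > MAX_DIVERGENCE_C:
            reasons.append("divergence")
        if reasons:
            self.alarms.append(
                f"step {step}: camera={camera_c:.1f} reference={reference_c:.1f} "
                f"rejected ({', '.join(reasons)})")
            return reference_c
        self.last_good_c = camera_c
        return camera_c


# Camera behaviours, constructed: (step, true temperature) -> reported temperature.
def honest_camera(step: int, true_c: float) -> float:
    return true_c

def sudden_under_report(step: int, true_c: float) -> float:
    # From step 5 on, report 100 C below the real temperature.
    return true_c - 100.0 if step >= 5 else true_c

def slow_drift(step: int, true_c: float) -> float:
    # From step 6 on, lower the report by 3 C per step, staying under the rate limit.
    return true_c - min(3.0 * max(step - 5, 0), 100.0)


def simulate(steps: int, camera: Callable[[int, float], float],
             guard: Optional[SensorGuard] = None) -> float:
    """Run the loop and return the final true furnace temperature.

    The independent local sensor is assumed to read the true temperature."""
    furnace = Furnace()
    for step in range(steps):
        true_c = furnace.temp_c
        reported_c = camera(step, true_c)
        measured_c = guard.validate(step, reported_c, true_c) if guard is not None else reported_c
        furnace.step(controller_duty(measured_c))
    return furnace.temp_c


if __name__ == "__main__":
    print(f"honest camera, no guard:      {simulate(50, honest_camera):.1f} C")
    print(f"under-reporting, no guard:    {simulate(50, sudden_under_report):.1f} C")
    guard = SensorGuard()
    print(f"under-reporting, with guard:  {simulate(50, sudden_under_report, guard):.1f} C, "
          f"{len(guard.alarms)} alarms")
    guard = SensorGuard()
    print(f"slow drift, with guard:       {simulate(50, slow_drift, guard):.1f} C, "
          f"{len(guard.alarms)} alarms; first: {guard.alarms[0]}")
```

With honest readings the toy furnace holds its setpoint; an unguarded loop fed a reading 100 C too low settles roughly 90 C above it (a purely proportional controller does not reproduce the full offset, but the direction is exactly the one Robertz describes). With the guard in place the abrupt spoof is rejected on both checks from its first sample, and the slow drift, which never trips the rate limit, is caught once it diverges from the local sensor. In a real plant the fallback would be a defined safe state rather than simply switching sensors, and the alarm would feed the same monitoring as any other process deviation.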
The analysts did not test any other devices from this vendor, but based on past experience, identical bugs are likely to affect other products as well. SEC Consult notified the Chinese firm of its findings more than a year ago, but the vendor has been unresponsive, so it remains unknown whether updates are available.