
Flaws Expose FLIR Thermal Cameras to Remote Attacks

Researchers have disclosed the details of several potentially serious vulnerabilities affecting thermal security cameras from FLIR Systems, said to be the world’s largest provider of thermal imaging cameras, components and imaging sensors.


The flaws were discovered by Gjoko Krstic of Zero Science Lab and were disclosed over the weekend by Beyond Security. The issues were reported to FLIR on June 27 and while the company responded to Beyond Security’s emails, it did not provide an estimated date for workarounds or patches.

Krstic found various types of vulnerabilities in FLIR’s FC-Series S, FC-Series ID and PT-Series thermal security cameras, including information disclosure, authenticated and unauthenticated remote code execution, and hardcoded credentials issues. The researcher also found a vulnerability that allows an unauthenticated attacker to access a camera’s live feed.

Proof-of-concept (PoC) requests and code have been made available for each of the vulnerabilities.

A scan via the Internet search engine Censys shows that thousands of FLIR thermal cameras are accessible directly from the Internet, which increases the risk of exploitation for the vulnerabilities identified by Krstic.

The researcher discovered that an attacker can leverage API functionality provided by the FLIR web server to download various files from the FLIR OS. He also noticed that the web server does not check if the user is authenticated when they make a request to see the camera’s live feed, allowing an attacker to gain access to the video stream by sending a simple request.

Specially crafted requests can also be used by authenticated and unauthenticated attackers to execute arbitrary code. These security holes are caused by the lack of proper sanitization for user-controlled input.

Finally, Krstic discovered that the code includes various credentials that provide access to the devices.

Contacted by SecurityWeek, FLIR said it’s evaluating Beyond Security’s advisory and promised to provide an update on its findings once its assessment has been completed.


UPDATE 10/17/2017. FLIR told SecurityWeek it has released firmware updates to patch the vulnerabilities.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
