InfiRay thermal cameras are affected by vulnerabilities that could allow malicious hackers to tamper with industrial processes, including to disrupt production or to make modifications that result in lower quality products.
InfiRay is a brand of China-based iRay Technology, which manufactures optical components. InfiRay specializes in the development and manufacturing of infrared and thermal imaging solutions, with its products being sold in 89 countries and regions.
Researchers at Austria-based cybersecurity consultancy SEC Consult discovered that at least one of the vendor’s thermal cameras, the A8Z3 model, is affected by several potentially serious vulnerabilities.
The A8Z3 device, sold on the Chinese marketplace Alibaba for nearly $3,000, is designed for a wide range of industrial applications.
According to SEC Consult, the product is affected by five types of potentially critical vulnerabilities. One issue is related to hardcoded credentials for the camera’s web application. Since these accounts cannot be deactivated and their passwords cannot be changed, they can be considered backdoor accounts that can provide an attacker access to the camera’s web interface. From there, an attacker can leverage another vulnerability for arbitrary code execution.
The researchers also found a buffer overflow in the firmware, and multiple outdated software components that are known to contain vulnerabilities. They also found a Telnet root shell that by default is not protected by a password, giving an attacker on the local network the ability to execute arbitrary commands as root on the camera.
SEC Consult has not seen any of these thermal cameras exposed to the internet. However, an attacker who can gain network access to a device could exploit the flaws to cause some serious damage.
Learn more about vulnerabilities in industrial systems at SecurityWeek’s 2022 ICS Cyber Security Conference
“The camera is used in industrial environments to check/control temperatures. The test device was located in a factory, where it verified that metal pieces arriving on a conveyor belt were still hot enough for the next process step,” explained Steffen Robertz, a SEC Consult security consultant specializing in embedded systems.
“An attacker would be able to report wrong temperatures and thus create inferior products or halt the production,” Robertz said. “The temperature output might also be fed in a control loop. By reporting a lower temperature, the temperature of, for example, a furnace might be increased automatically.”
SEC Consult told SecurityWeek that it did not test other devices from this vendor, but based on past experience it’s likely that similar vulnerabilities affect other products as well.
SEC Consult reported its findings to the vendor more than a year ago, but the company has been unresponsive so it’s unclear if patches are available. The cybersecurity firm has made public some technical details, but it did not release proof-of-concept (PoC) exploits.
SecurityWeek has reached out to InfiRay for comment, but the company has yet to respond.
Related: Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms
Related: Hundreds of Thousands of Konica Printers Vulnerable to Hacking via Physical Access
