FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure
Title: FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure
Advisory ID: ZSL-2018-5489
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 06.10.2018
Summary
FLIR TrafiOne is an all-round detection sensor for traffic monitoring and dynamic traffic signal control. Offered in a compact and affordable package, the FLIR TrafiOne uses thermal imaging and Wi-Fi technology to adapt traffic signals based on the presence detection of vehicles, bicycles and pedestrians while at the same time generating high resolution data at intersections and in urban environments. FLIR TrafiOne helps traffic engineers to improve traffic flows, reduce vehicle idling time, monitor congestion, enhance safety for vulnerable road users, collect data and measure travel and delay times for different transport modes.
FLIR TrafiCam is a vehicle presence sensor that combines a CMOS camera and a video detector in a single unit. FLIR TrafiCam detects moving and stationary vehicles at signalized intersections. Via detection outputs or via IP protocol, vehicle presence information is transmitted to the traffic controller so that signal timing can be adjusted dynamically. This way, vehicle waiting time at traffic lights is reduced and traffic flows are optimized.
FLIR TrafiSense is an integrated thermal sensor and detector for vehicle and bike detection. TrafiSense does not need light to operate, but uses the thermal energy emitted from vehicles and bicyclists. This enables the sensor to detect vehicles and bikes in the darkest of nights, over a long range and in the most difficult weather conditions. The result is reliable, 24/7 traffic detection for a wide range of applications.
FLIR TrafiRadar vehicle presence sensor is a combination of a video sensor and radar. TrafiRadar is typically used for stop bar and advance vehicle presence detection, traffic adaptive systems, and dilemma-zone protection and thus improves traffic safety and efficiency at signalized intersections. TrafiRadar will warn traffic light controllers whenever a vehicle is present in the dilemma zone, either extending green or red lights to improve overall safety.
and stationary vehicles at signalized intersections and collect traffic data at intersections or interurban roads. Via detection outputs or via IP protocol, vehicle presence information is transmitted to the traffic controller so that signal timing can be adjusted dynamically. TrafiCam x-stream offers streaming video at full frame rate, to be used for traffic monitoring in a control room.
The VIP series offers multi-functional Video Image Processing modules for traffic control. VIP boards integrate automatic incident detection, data collection, recording of pre and post incident image sequences and streaming video in one board. VIP modules have been installed for road and tunnel projects all over the world.
Description
FLIR thermal traffic cameras allow unauthenticated and unauthorized access to the live RTSP video stream.
Vendor
FLIR Systems, Inc. - https://www.flir.com
Affected Version
V1.01-0bb5b27 - (TrafiOne) - Codename: TrafiOne
E1.00.09 - (TI BPL2 EDGE) - Codename: TIIP4EDGE
V1.02.P01 - (TI x-stream) - Codename: TIIP2
V1.05.P01 - (ThermiCam) - Codename: ThermiCam
V1.04.P02 - (ThermiCam) - Codename: ThermiCam
V1.04 - (ThermiCam) - Codename: ThermiCam
V1.01.P02 - (ThermiCam) - Codename: ThermiCam
V1.05.P03 - (TrafiSense) - Codename: TrafiSense
V1.06 - (VIP-IP) - Codename: VIP-IP
V1.02.P02 - (TrafiRadar) - Codename: TrafiRadar
Tested On
nginx/1.12.1
nginx/1.10.2
nginx/1.8.0
Websocket/13 (RFC 6455)
Vendor Status
[26.07.2018] Vulnerability discovered.
[17.08.2018] Vendor contacted.
[17.08.2018] Vendor replied, forwarding the message to the appropriate team.
[21.08.2018] Vendor responds asking for more details.
[22.08.2018] Replied to the vendor requesting PGP key.
[23.08.2018] Vendor sends PGP key.
[27.08.2018] Sent details to the vendor.
[29.08.2018] Vendor confirms the issues and is developing patches.
[29.08.2018] Working with the vendor.
[17.09.2018] Vendor releases new firmware updates to address these issues.
[06.10.2018] Coordinated public security advisory released.
PoC
flir_traffic_stream.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://www.flir.com/security/best-practices-for-cybersecurity/
[2] https://www.flir.com/globalassets/security/flir-pro-security-cyber-hardening-guide.pdf
[3] https://packetstormsecurity.com/files/149699
[4] https://cxsecurity.com/issue/WLB-2018100072
[5] https://www.exploit-db.com/exploits/45537/
[6] https://exchange.xforce.ibmcloud.com/vulnerabilities/151011
[7] https://www.flir.com/globalassets/security/cybersecurity-bulletin-10-12-18.pdf
Changelog
[06.10.2018] - Initial release
[09.10.2018] - Added reference [3], [4] and [5]
[11.10.2018] - Added reference [6]
[15.10.2018] - Added reference [7]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk