It has been reported that there are secret hard-coded accounts in thermal security cameras manufactured by FLIR Systems, Inc., one of the largest vendor of such products. Depending on the FLIR camera version, the following username-password combos will grant an attacker access over the device.
Commenting on the news is Cesare Garlati, chief security strategist at the prpl Foundation, who said:
The divulgence of such information is worrying particularly to all those who have acquired a FLIR security camera. A breach of these devices will not only lead to a considerable loss of privacy, but could potentially lead to human life being threatened and confirms the need for IoT security. The vulnerability uncovered is clear evidence for manufacturers to take an open source approach to security and to implement it at the development stage and not after the device has reached the open market.