DEVICES VULNERABLE TO BE HACKED DUE TO "DEVILS IVY"

A report has been made by a company called Senrio that millions of IoT devices are vulnerable to Cybersecurity attacks due to a vulnerability initially discovered in remote security cameras. The firm found a weakness in a security camera developed by Axis Communications, one of the world's biggest manufacturers of the devices.

The Model 3004 security camera is used for security at the Los Angeles International Airport and other places.  The problem turned out to be a stack buffer overflow vulnerability, which the firm dubbed "Devil's Ivy."

Axis notified the security firm that 249 different models of the camera were affected by the vulnerability. It found only three models that were unaffected.

The problem lies deep in the communication layer of gSOAP, an open source third-party toolkit that uses various device makers for IoT technology, according to Senrio.

gSOAP manager Genivia reported that the toolkit has been downloaded over 1 million times, according to Senrio. Most of the downloads likely involved developers. Major companies including IBM, Microsoft, Adobe and Xerox are customers of the firm.

Genivia issued a new patch for gSOAP within 24 hours of being alerted to the vulnerability, and said it notified customers of the problem. The obscure problem was caused by an intended integer underflow, followed by a second unintended integer underflow that triggered the bug, Van Engelen told LinuxInsider.

"The trigger happens when at least 2 GB of XML data is uploaded to a Web server," van Engelen explained. "This bug was not discovered by proprietary static analysis tools or by our source code users who looked at the source code since 2002.

Certain ONVIF devices act as Web servers, making them vulnerable when configured to accept more than 2 GB of XML data, he noted.

Contact

 

Via resource Group
Braywick House West
Windsor Road
Maidenhead
SL6 1DN
United Kingdom

+44 0203 327 1996

We use cookies to provide you with the best possible browsing experience on our website. You can find out more below.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
+Necessary
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
ResolutionUsed to ensure the correct version of the site is displayed to your device.
essential
SessionUsed to track your user session on our website.
essential
+Statistics
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Google AnalyticsGoogle Analytics is an analytics tool to measure website, app, digital and offline data to gain user insights.
Yes
No

More Details