Millions of Security Cameras Can Be Hacked Due to This New Vulnerability

A dangerous new vulnerability called the “Devil’s Ivy” has been discovered by IoT researchers.

Millions of Security Cameras Can Be Hacked Due to This New Vulnerability

A flaw in an open-source code has left millions of IoT devices vulnerable to being hacked.

Researchers have discovered that millions of IoT devices are susceptible to a newly discovered vulnerability researchers are calling “Devil’s Ivy,” because it’s hard to kill and spreads quickly.

IoT security firm Senrio discovered the exploit while researching the Simple Object Access Protocol in Axis Communications security cameras.

“Devil’s Ivy results in remote code execution and was found in an open-source third-party code library from gSOAP,” Senrio announced in a blog post. “When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed.”

Axis Communications has released patched firmware for the gSOAP vulnerability, however at least 34 other companies use the code in their IoT devices, potentially leaving them vulnerable, according to Genivia, the company that manages the protocol.

The flaw is dangerous to end users as it could lead to the collection of private information, or prevent a crime from being observed or recorded.

Researchers say because the flaw is from an open-source code, it could be present on millions of other devices.

This is the latest IoT exploit in what has become too much of a frequent occurrence. The proliferation of ransomware and botnets has caused headaches for not just the security industry, but for people all around the world.

It’s time for the physical security industry to embrace cybersecurity as the two begin to converge more and more everyday.

Click here to read more about the Devil’s Ivy vulnerability on Senrio’s blog and watch a demonstration of the hack below.

 

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author

Contact:

Steven A. Karantzoulidis is the Web Editor for Security Sales & Integration. He graduated from the University of Massachusetts Amherst with a degree in Communication and has a background in Film, A/V and Social Media.

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

One response to “Millions of Security Cameras Can Be Hacked Due to This New Vulnerability”

  1. Mitch Cohen says:

    After looking closely at the code, this appears to be an Onvif security flaw, not Axis. My suggestion is to turn off Onvif compatibility and block that port in the router. The port isn’t used for anything useful, and if the router is locked down properly this port should be closed anyhow.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters