‘Devil’s Ivy’ Vulnerability Could Affect Millions of IoT Devices
The so-called ‘Devil’s Ivy’ exploit was found while researching IP-based video surveillance cameras.
Researchers have discovered that millions of IoT devices are susceptible to a newly discovered vulnerability researchers are calling “Devil’s Ivy,” because it’s hard to kill and spreads quickly.
“Devil’s Ivy results in remote code execution and was found in an open-source third-party code library from gSOAP,” Senrio announced in a blog post. “When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed.”
Axis Communications has released patched firmware for the gSOAP vulnerability, however at least 34 other companies use the code in their IoT devices, potentially leaving them vulnerable, according to Genivia, the company that manages the protocol.
The flaw is dangerous to end users as it could lead to the collection of private information, or prevent a crime from being observed or recorded.
Researchers say because the flaw is from an open-source code, it could be present on millions of other devices.
This is the latest IoT exploit in what has become a frequent occurrence. The proliferation of ransomware and botnets has caused headaches for not just the security industry, but for people all around the world.
It’s time for the physical security industry to embrace cybersecurity as the two begin to converge more and more everyday.
Click here to read more about the Devil’s Ivy vulnerability on Senrio’s blog and watch a demonstration of the hack below.
Read More Articles Like This… With A FREE Subscription
Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!