Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw In IoT Security Cameras Leaves Millions of Devices Open To Hackers (vice.com)

Posted by BeauHD on from the open-book dept.

New submitter Aliciadivo writes: A nasty vulnerability found in Axis security cameras could allow hackers to take full control of several types of Internet of Things devices, and in some cases, software programs, too. The Senrio research team found that devices and software programs using an open source software library called gSOAP to enable their product to communicate to the internet could be affected. Stephen Ridley, founder of Senrio, said: "I bet you all these other manufacturers have the same vulnerability throughout their product lines as well. It's a vulnerability in virtually every IoT device [...] Every kind of device you can possibly think of." A spokesperson for ONVIF, an electronics industry consortium that includes Axis and has includes some members that use gSOAP, said it has notified its members of the flaw, but it's not "up to each member to handle this in the way they best see fit." Also, gSOAP "is not in any way mandated by the ONVIF specifications, but as SOAP is the base for the ONVIF API, it is possible that ONVIF members would be affected." Hundreds of thousands of devices might be affected, as a search for the term "Axis" on Shodan, an engine that scours the internet for vulnerable devices, returns around 14,000 results. You can view Senrio Labs' video on the exploit (which they refer to as the "Devil's Ivy Exploit") here.

1 of 53 comments (clear)

  1. Bad Headline - Flaw is in gSOAP by Anonymous Coward · · Score: 5, Informative

    This has nothing to do with IoT. The bug is in gSOAP which is used everywhere as it's one of the go-to choices when picking a library for communication over SOAP, REST, and/or XML. Basically any company doing something with web services likely used gSOAP at one point. Here's a blurb from their website:

    "The gSOAP toolkit is used by most of the top Fortune 500 companies and all of the top 15 technology companies. Speed, reliability and flexibility, coupled with a proven track record and used by some of the largest technology vendors makes it an ideal platform to develop applications using Web services and XML processing. Applications include embedded systems, mobile devices, telecommunications, routers, online games, Web TV, banking systems, auction systems, news outlets, network management systems, grid and cloud computing platforms, and security software."