Devil's ivy: failure detected in security cameras

The security of our devices, both smartphones and computers, is something that worries us. Therefore, we routinely have security patches and updates available. The problem arises when faults are detected in other devices that do not receive such updates with the same frequency.

Devil's Ivy: Bug detected on security cameras

A security company called Senrio has discovered a vulnerability (CVE-2017-9765) in a third-party development library called gSOAP toolkit. They have named this vulnerability Devil's Ivy. And what is achieved by exploiting such vulnerability is a buffer overflow that allows a hacker to remotely cause Demon to crash. Thus, being able to execute the arbitrary code on the device in question.

Exploit in security cameras

This failure has been discovered by analyzing a security camera from the company Axis Communications. When attackers take advantage of such failure they can access the camera feed or even block the owner from accessing the feed. Thus taking full control of the camera.

This problem is especially relevant when we consider that there are security cameras that store essential information. Think of those located in banks or sensitive areas of companies. They can be helpful in the event of robbery or terrorist attacks. But a vulnerability like Devil's Ivy can allow access to these cameras and allow the information to fall into unwanted hands.

Axis, the first affected, has revealed that the problem exists in all its models (around 250). Other companies such as Siemens, Hitachi or Canon may also be affected by this vulnerability. Some like Axis have already released a security patch. The rest are working on correcting this problem. What do you think of a security flaw like Devil's Ivy?