Millions of IoT devices are vulnerable to widespread bug

Researchers find a flaw that could let hackers take over millions of security cameras and other connected devices.

BL: 1. FC Nuernberg - TSV 1860 Muenchen

Millions of connected devices, including security cameras, are affected by this bug.

TF-Images / Getty Images

Millions of net-connected devices around the world can be hacked due to a common flaw.

Researchers have found that security cameras using an open-source code called gSOAP could be easily hacked and that attackers can send commands remotely. This allowed the researchers at Senrio, a security firm focused on the internet of things, to take over a video feed, pause the recording and turn the camera off.

You can see the hack in action here:

Senrio was able to take full control of the hacked cameras, the company said. Researchers are naming the zero-day exploit “Devil’s Ivy,” because, like the plant, it’s hard to kill and it spreads quickly. 

The company said Tuesday that it discovered the vulnerability while researching Axis security cameras, one of the largest makers of connected cameras. Axis provides surveillance globally, including for every security camera at the Los Angeles airport.

IoT devices provide convenience for device owners because online connections bring new uses to old gadgets, but they are still iffy on security. On Tuesday, the FBI issued a warning for connected toys, citing concerns about hacks.

The flaw is found in 249 camera models for Axis and affects 34 other companies, Senrio said. Because the flaw is from an open-source code, it could be present on millions of other devices, the researchers said.

Genivia, the company behind gSOAP, said it’s had more than 1 million downloads, including from companies like IBM, Microsoft and Adobe Systems. Genivia has released a patch for this flaw. Axis did not immediately respond to a request for comment.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s