Researchers at Senrio discovered tens of millions of internet of things devices affected by the Devil's Ivy vulnerability, which enables attackers to gain remote access to devices, or even crash them. Among the affected devices are security cameras from Axis Communications and other companies on the ONVIF Forum. What is the Devil's Ivy vulnerability and how does it work?
Branded vulnerabilities have long since jumped the shark. While it is extraordinarily boring to use a name like CVE-2017-9765, it is also extremely efficient and enables enterprises to track the vulnerability across their entire environment.
Some vendors may not use the branded name, or they may decide to name the vulnerability something different -- much like antimalware vendors use different names for the same malware, or even multiple names for the same groups of attackers.
Tracking a vulnerability across an enterprise is the key to an effective vulnerability management program. Given how easy it appears to be to find vulnerabilities in internet of things (IoT) devices and the rapid growth of threats that exploit them, being able to effectively manage vulnerabilities is critical.
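An added example (not from the original article) of the tracking described above: it pulls CVE IDs out of advisory titles, groups affected assets under the canonical ID, and sets aside advisories that use only a brand name. The vendor names, product models and hostnames are constructed sample data.

```python
import re
from collections import defaultdict

# CVE identifier format: CVE-<year>-<four or more digits>, matched case-insensitively.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)

# Constructed sample advisories. Only the CVE ID and the "Devil's Ivy" name come
# from the article; vendors, titles and product models are made up.
ADVISORIES = [
    {"vendor": "vendor-a", "title": "Devil's Ivy (CVE-2017-9765) in camera firmware", "products": ["cam-x1"]},
    {"vendor": "vendor-b", "title": "gSOAP stack overflow, cve-2017-9765", "products": ["nvr-200"]},
    {"vendor": "vendor-c", "title": "Fix for the Devil's Ivy issue", "products": ["doorbell-7"]},
]

# Constructed asset inventory: hostname -> product model.
INVENTORY = {"lobby-cam-01": "cam-x1", "dock-nvr": "nvr-200",
             "gate-bell": "doorbell-7", "print-03": "printer-9"}


def extract_cves(text):
    """Return the set of canonical (upper-case) CVE IDs mentioned in text."""
    return {f"CVE-{year}-{num}" for year, num in CVE_RE.findall(text)}


def correlate(advisories, inventory):
    """Group affected hosts by CVE ID; list vendors whose advisory names no CVE."""
    hosts_by_product = defaultdict(list)
    for host, product in inventory.items():
        hosts_by_product[product].append(host)

    affected, untracked = defaultdict(set), []
    for adv in advisories:
        cves = extract_cves(adv["title"])
        if not cves:
            # Brand name only: cannot be joined automatically, needs manual triage.
            untracked.append(adv["vendor"])
            continue
        for cve in cves:
            for product in adv["products"]:
                affected[cve].update(hosts_by_product.get(product, []))
    return {cve: sorted(hosts) for cve, hosts in affected.items()}, untracked


if __name__ == "__main__":
    affected, untracked = correlate(ADVISORIES, INVENTORY)
    print("Affected assets by CVE:", affected)
    print("Advisories without a CVE ID (manual triage):", untracked)
```

The third advisory shows the gap the article describes: without a CVE ID, the affected device never joins the tracked set unless someone maps the brand name by hand.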
Senrio identified a stack buffer overflow vulnerability it named Devil's Ivy in an IoT security camera from Axis Communications. Axis further found the vulnerability in a third-party developer toolkit called gSOAP, which is widely used in IoT devices. The vulnerability in gSOAP enables an attacker to remotely access a system and potentially deny access to users.
Senrio researchers used the development environment Axis left on the device to investigate the gSOAP vulnerability; it let them monitor the device and identify what caused the service to crash. After their investigation, they identified an open port that accepted connections and sent malicious data to the gSOAP listening port. This enabled them to execute shellcode on the target system, which in turn enabled them to exploit the Devil's Ivy vulnerability and take over the system.
Any system using the unpatched version of gSOAP is vulnerable and could potentially be exploited in this way.
Enterprises should ensure that any device they procure or use can be patched. Likewise, for high-value systems, they may want to perform a risk or security assessment on devices to determine if they meet security requirements.