As many as a million IoT devices with an unpatched vulnerability. And then what? Nothing, I think ...

Once again, we learn that the so-called "smart things of the Internet" connected to the global network pose a real threat. Because of the vulnerable open-source library gSOAP, which has been downloaded more than a million times, not only are camera operators exposed to spying, but every internet user is at risk too: anyone can be hit by a DDoS attack or by bot scanners searching for vulnerabilities in servers and routers.

Manufacturers have probably stopped caring about the security of their products. They use off-the-shelf software and assume they no longer have to worry about the security aspect. Unfortunately, that is not the case. Even if the creator of the management software develops a patch and the IoT device manufacturer makes the update available, the patch is not applied automatically. A human has to download and install the new firmware. In practice, that varies. Usually it does not happen.

The villain of this story is Axis Communications, one of the largest manufacturers of webcams in the world. After one day of analysis, Senrio researchers discovered a vulnerability that allows a buffer overflow. It has already been assigned its own identifier, CVE-2017-9765, which shows that an update is available.

The "Devil's Ivy" vulnerability makes remote code execution possible. It was found in the gSOAP library. An attacker could gain remote access to the camera image or prevent the operator from reaching the configuration. gSOAP (SOAP stands for Simple Object Access Protocol) is a widely used web services toolkit. Thanks to the library, all sorts of IoT devices are able to communicate with the Internet. Hence, the scale of potentially affected devices depends heavily on which software and device manufacturers use gSOAP. The report's authors turned to Genivia, the creator of gSOAP. It turns out that gSOAP has been downloaded over 1 million times, including by IBM, Microsoft, Adobe, Xerox and their clients. The SourceForge website reports about 30,000 downloads since the beginning of 2017.

Researchers also mention 249 susceptible camera models from Axis. A scan on Shodan showed more than 17,000 cameras containing the vulnerability that are reachable from outside. The problem is not the hole itself, because holes are always found sooner or later. The key issue is how many Axis customers will download and install the update. Although the manufacturer informed its customers about this security incident, we suspect that 95% of these cameras will run the factory firmware until the end of their working life.

We urge users to update the firmware of routers, cameras, sensors, and similar devices with internet access. The necessary information can always be found on the manufacturers' websites. With updated software, the attacks known so far will no longer pose a major threat. There is also the other side of the coin: devices free of vulnerabilities will not be used for DDoS attacks or for other purposes on the network.




We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.