gSOAP is an open-source code library which allows hardware to be configured and controlled via web connections and is used by hundreds of companies including Axis, Microsoft, IBM, Adobe and Xerox. It has a vulnerability which allows an attacker to trigger a stack overflow by sending a specific POST command over port 80 to a device, which in the case of cameras allows you to watch the live feed. The vulnerability was patched in an update to gSOAP, so future products will not have this issue; however, any camera built on that library which is currently in use is vulnerable. The manufacturers would have to create an update to their own software and push it out to all the cameras currently in use to resolve this issue, and if there is one thing we know for sure about IoT products, it is that these patches do not tend to be created, let alone pushed out.
"Security researchers investigating internet-connected video cameras have uncovered a bug that could conceivably leave millions of devices open to easy pwnage."