gSOAP is a open-source code library which allows hardware to be configured and controlled via web connections and is used by hundreds of companies including Axis, Microsoft, IBM, Adobe and Xerox. It has a vulnerability which allows an attacker to trigger a stack overflow by sending a specific POST command over port 80 to a device, which in the case of cameras allows you to watch the live feed. The vulnerability was patched in an update to gSOAP so future products will not have this issue, however any camera built on that library which currently in use is vulnerable. The manufacturers would have to create an update to their own software and push it out to all the cameras currently in use to resolve this issue, and if there is one thing we know for sure about IoT products, it is that these patches do not tend to be created, let alone pushed out.
For more depressing details you can pop by The Register.
"Security researchers investigating internet-connected video cameras have uncovered a bug that could conceivably leave millions of devices open to easy pwnage."
Here is some more Tech News from around the web:
- Intel has 'eliminated' its entire wearables division @ The Inquirer
- Microsoft will support Windows 10 on Clover Trail after all (well, a bit) @ The Inquirer
- Ethereum Co-Founder Says Cryptocurrencies Are 'a Ticking Time Bomb' @ Slashdot
- The Kaspersky Palaeontology of Cybersecurity Conference @ TechARP
- Amazon Echo Show @ Hardware Secrets
- Apple hurls out patches for dozens of security holes in iOS, macOS @ The Register
Heh. All your surveillance
Heh. All your surveillance are belong to me! WHAT YOU SAY!? (goes nicely with my avatar, don’t you think?)
This is why I hate the very idea of “The Internet Of Things.”
You mean the Internet of
You mean the Internet of Shit, eh?
“Cameras utilizing a VMS
“Cameras utilizing a VMS (video management system) or recorder for remote access, instead of being directly connected to the internet, are essentially immune from remote attack…”
I have never worked at a company that connects their security cameras directly to the Internet. This is more of a concern for homeowners that buy cameras that hook into websites for viewing from the web (baby monitors and such.)
That makes you smarter than
That makes you smarter than the average bear.
I am pretty sure Axis is on
I am pretty sure Axis is on top of this. They try to be very transparent and proactive when it comes to vulnerabilities. They even have a white paper on the proper way to secure your devices.