Devil's Ivy is a security vulnerability that, when exploited, enables an attacker to remotely access a video feed and deny the owner access to the feed. In July 2017 the security firm Senrio uncovered a stack buffer overflow vulnerability in the open-source third-party toolkit gSOAP, which is used in millions of Internet of Things (IoT) devices, including security cameras from numerous vendors.
Senrio dubbed the vulnerability "Devil's Ivy" because, like the Devil's Ivy plant, the attack is able to spread quickly and is nearly impossible to completely eradicate once it has started to spread. This is due in part to the gSOAP toolkit having been downloaded millions of times and currently being present in thousands of devices.
As an example, the Devil's Ivy vulnerability was found to be present on 249 video cameras sold by manufacturer Axis, the company on whose products Senrio first discovered the Devil's Ivy flaw.
How Attackers Can Exploit the Devil's Ivy Flaw
To attack a device with the Devil's Ivy vulnerability, a hacker sends a malicious payload to port 80, which triggers the stack buffer overflow on the camera or IoT device and initiates code execution at the attacker's discretion.
In a worst-case scenario, an attacker could use the Devil's Ivy exploit to spy on and gather sensitive video information, or to prevent video of criminal events like a robbery from being observed or recorded.
The developer of the gSOAP software, Genivia, has released a software update with a patch for the Devil's Ivy vulnerability, but video cameras and other Internet of Things devices are seldom updated with new software releases. As a result, the vulnerability is likely to remain an issue in millions of devices for the foreseeable future.