Devil’s Ivy

Devil’s Ivy is a security vulnerability that when exploited enables an attacker to remotely access a video feed and deny the owner access to the feed. In July 2017 the security firm Senrio uncovered a stack buffer overflow vulnerability in the open source third-party toolkit gSOAP, which is used in millions of Internet of Things (IoT) devices, including security cameras from numerous vendors.

Senrio dubbed the vulnerability “Devil’s Ivy” because, like the Devil’s Ivy plant, the attack is able to spread quickly and is nearly impossible to completely eradicate once it has started to spread. This is due in part to gSOAP being included in a toolkit that has been downloaded millions of times and is currently present in thousands of devices.

As an example, the Devil’s Ivy vulnerability was found to be present on 249 video cameras sold by manufacturer Axis, which is the company Senrio first discovered the Devil’s Ivy flaw on.

How Attackers Can Exploit the Devil’s Ivy Flaw

To initiate an attack on the Devil’s Ivy vulnerability, a hacker sends a malicious payload to port 80, at which point the camera or IoT device triggers the buffer stack overflow and initiates code execution at the attacker’s discretion.

In a worst-case scenario, an attacker could prey on the Devil’s Ivy exploit to spy on and gather sensitive video information or prevent video of criminal events like a robbery from being observed or recorded.

The developer of the gSOAP software, Genivia, has released a software update with a patch for the Devil’s Ivy vulnerability, but video cameras and other Internet of Things devices are seldom updated with new software releases in most cases. As a result, the vulnerability is likely to remain an issue in millions of devices for the foreseeable future.

Forrest Stroud
Forrest Stroud
Forrest is a writer for Webopedia. Experienced, entrepreneurial, and well-rounded, he has 15+ years covering technology, business software, website design, programming, and more.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Each generation of computer has brought significant advances in speed and power to computing tasks. Learn about each of the...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

SHA-256

SHA-256 is an algorithm used for hash functions and is a vital component...

Document Management System

A document management system is an automated software solution businesses and organizations use...

Conti Ransomware

Conti ransomware first emerged in 2020. It uses a ransomware as a service...