Millions of IoT Devices Infected with “Devil’s Ivy” RCE vulnerability

A New Vulnerability called  “Devil’s Ivy” Discovered that infected Tens of Millions of IoT Devices which leads to Remotely Execute the code in IoT’s including cameras and Card Readers.

A stack Buffer over Flow Vulnerability  Presented in the many IoT Devices that cause Devil’s Ivy results in remote code execution and open source third-party code library found from gSOAP

This RCE Flow Tested in Axis Security Cameras and later Researchers Found that Devil’s Ivy is present in 249 distinct camera models.

Also Read Hajime Worm wrestle with Mirai Botnet to Control of your IoT Devices

It allows an attacker to remotely control the infected security cameras and leads to collect the sensitive information since this Axis security Cameras Deployed in many area including Airports,Banks etc.

gSOAP  Support  Services are Affected

gSOAP is a widely used web services toolkit and many developers used gSOAP as as part of a software stack to enable devices of all kinds to talk to the internet.

This RCE Flow presented deeply in communication layer in an open source third-party toolkit called gSOAP  (Simple Object Access Protocol).

Software or device manufacturers who used gSOAP to support their services are affected by Devil’s Ivy Flow.

gSOAP Managed by a company called Genivia claimed that more than  1M downloads of gSOAP including giant customers such as IBM, Microsoft, Adobe and Xerox.

Devil’s Ivy Flow in Axis Camera Model 

Since Axis Camera Models are highly infected IoT that claims Devil’s Ivy is present in 249 distinct camera models it goes far beyond Axis.

“Axis explained the Risk Assessment, The risk for an Axis product installed protected behind a firewall or isolated network is limited. An adversary must have network access to the camera to exploit the vulnerability.”

Demonstration of Devil’s Ivy on the Axis M3004 security camera

ONVIF forum, an organization responsible maintaining software and networking protocols said, Axis is in the company that uses in a wide range of physical security products and reported that approximately 6% of the forum members use gSOAP.

Also Read IoT Botnet is Spreading over HTTP Port 81 Exploiting Security Cameras

Report claims that tens of millions of products software products and connected devices are affected by Devil’s Ivy to some degree.

This “Devil’s Ivy” Flow was reported to Genivia and patch was immediately released.

To Read full technical Analysis visit te Technical Analysis Blog post.