Saturday, April 13, 2024

Millions of IoT Devices Infected with “Devil’s Ivy” Remote Code Execution Vulnerability Including Internet Connected Cameras

A New Vulnerability called  “Devil’s Ivy” Discovered that infected Tens of Millions of IoT Devices which leads to Remotely Execute the code in IoT’s including cameras and Card Readers.

A stack Buffer over Flow Vulnerability  Presented in the many IoT Devices that cause Devil’s Ivy results in remote code execution and open source third-party code library found from gSOAP

This RCE Flow Tested in Axis Security Cameras and later Researchers Found that Devil’s Ivy is present in 249 distinct camera models.

Also Read Hajime Worm wrestle with Mirai Botnet to Control of your IoT Devices

It allows an attacker to remotely control the infected security cameras and leads to collect the sensitive information since this Axis security Cameras Deployed in many area including Airports,Banks etc.

gSOAP  Support  Services are Affected

gSOAP is a widely used web services toolkit and many developers used gSOAP as as part of a software stack to enable devices of all kinds to talk to the internet.

This RCE Flow presented deeply in communication layer in an open source third-party toolkit called gSOAP  (Simple Object Access Protocol).

Software or device manufacturers who used gSOAP to support their services are affected by Devil’s Ivy Flow.

gSOAP Managed by a company called Genivia claimed that more than  1M downloads of gSOAP including giant customers such as IBM, Microsoft, Adobe and Xerox.

Devil’s Ivy Flow in Axis Camera Model 

Since Axis Camera Models are highly infected IoT that claims Devil’s Ivy is present in 249 distinct camera models it goes far beyond Axis.

“Axis explained the Risk Assessment, The risk for an Axis product installed protected behind a firewall or isolated network is limited. An adversary must have network access to the camera to exploit the vulnerability.”

Demonstration of Devil’s Ivy on the Axis M3004 security camera

ONVIF forum, an organization responsible maintaining software and networking protocols said, Axis is in the company that uses in a wide range of physical security products and reported that approximately 6% of the forum members use gSOAP.

Also Read IoT Botnet is Spreading over HTTP Port 81 Exploiting Security Cameras

Report claims that tens of millions of products software products and connected devices are affected by Devil’s Ivy to some degree.

This “Devil’s Ivy” Flow was reported to Genivia and patch was immediately released.

To Read full technical Analysis visit te Technical Analysis Blog post.

Website

Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles