Collaborate Disseminate
Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attacks to remotely gain control over devices or crash them. Continue reading Bad Code Library Triggers Devil’s Ivy Vulnerability in Millions of IoT Devices
Coding flaws evident in a popular open source software library known as gSOAP, which has been adopted in recent years by manufacturers of “smart devices,” could allow a hacker to remotely control and infect internet-connected hardware like security cameras with malware, according to research published Tuesday by IoT-focused cybersecurity firm Senrio. The findings are significant because they highlight a series of vulnerabilities in a common coding framework that is already widely used by technology manufacturers and embedded in deployed devices. The research underscores the security development gap in many Internet of Things devices. Such vulnerabilities already have contributed to the rise of massive botnets that can be used in crippling distributed denial-of-service attacks. In the case of an internet-connected video camera, the bug in gSOAP could be exploited by a hacker to install a backdoor implant, block an admin from making settings changes or to allow access to live video feeds. Senrio chief […]
The post A vulnerability in IoT software has opened a door into thousands of internet-connected devices appeared first on Cyberscoop.
Axis Communications — a maker of high-end security cameras whose devices can be found in many high-security areas — recently patched a dangerous coding flaw in virtually all of its products that an attacker could use to remotely seize control over or crash the devices.
The problem wasn’t specific to Axis, which seems to have reacted far more quickly than competitors to quash the bug. Rather, the vulnerability resides in open-source, third-party computer code that has been used in countless products and technologies (including a great many security cameras), meaning it may be some time before most vulnerable vendors ship out a fix — and even longer before users install it. Continue reading Experts in Lather Over ‘gSOAP’ Security Flaw
Router manufacturer TP-Link recently fixed a vulnerability in a discontinued line of routers that if exploited could have been used to execute code on the device.
Continue reading TP-Link Fixes Code Execution Vulnerability in End-of-Life Routers
A software component that exposed D-Link Wi-Fi cameras to remote attacks is also used in more than 120 other products sold by the company. Continue reading D-Link Wi-Fi Camera Flaw Extends to 120 Products
A software component that exposed D-Link Wi-Fi cameras to remote attacks is also used in more than 120 other products sold by the company. Continue reading D-Link Wi-Fi Camera Flaw Extends to 120 Products
D-Link’s DCS930L Wi-Fi camera is vulnerable to a stack overflow vulnerability that can be remotely exploited. Continue reading Unpatched D-Link Wi-Fi Camera Flaw Remotely Exploitable