IoT Devices at a Risk
Security researchers at Senrio, an IoT focused security firm, have a discovered a stack buffer overflow vulnerability (CVE-2017-9765) in an open source third party code library gSOAP- an advanced C/C++ auto-coding tool used for developing XML Web services and XML application.
Devil’s Ivy, the stack buffer overflow vulnerability, allows the attacker to crash the SOAP Web services daemon remotely and execute code on the affected devices.
The vulnerability was first discovered in Axis Communication security devices. The organization has also claimed that the vulnerability exists in 249 distinct camera models.
The researchers have also said that the vulnerability goes beyond just Axis as gSOAP toolkit is a widely used web services toolkit that allows developers to enable devices of all kinds to communicate to the internet.
Tips on improving the security of IoT Devices
- Physical security devices should be kept away from the public internet
- IoT devices should be defended always
- Patch devices with known vulnerabilities