Header Ads

Devil's Ivy, IoT security


There's been another wake-up call concerning our old friend the internet of things. As usual, it comes in the form of yet another security vulnerability in the wild. Although the amount of damage this one can do remains uncertain, we know it affects an extremely large number of devices, and at the very least can be used to disable security cameras from one affected company.
Ultimately, the amount of damage it will cause will depend on whether users of affected products are implementing best security practices when it comes to connected devices. This includes not only keeping devices patched -- if possible -- but other actions such as keeping IoT security devices protected behinds firewalls.
The vulnerability -- called Devil's Ivy or CVE-2017-9765 -- was made public last week by Senrio, a company that specializes in IoT security. It initially found the bug in the M3004 model security camera marketed by Axis Communications, but further research found that 249 of Axis's 251 surveillance camera models are affected. - Read more 

Researchers believe that their exploit would work on internet-connected devices from other vendors as well, as the affected software is used by Canon, Siemens, Cisco, Hitachi, and many others.

No comments:

Powered by Blogger.