Eagle Eye Networks

Devil’s Ivy Likely Widespread

July 24, 2017 Eagle Eye Networks


A recently discovered vulnerability labeled “Devil’s Ivy” is expected to impact millions of cameras that support the ONVIF protocol.

The initial exploit was discovered on an Axis camera and then found on 249 different Axis camera models, but the problem goes well beyond Axis cameras. The vulnerability is in gSOAP, which is widely used by ONVIF members to implement ONVIF on cameras. The ONVIF consortium has nearly 500 members, including companies such as Bosch, Canon, Cisco, D-Link, Fortinet, Hitachi, Honeywell, Huawei, Mitsubishi, Netgear, Panasonic, Sharp, Siemens, Sony, and Toshiba.

In a phone call with WIRED, Genivia founder and gSOAP creator Robert van Engelen said 34 ONVIF companies used gSOAP as paying customers, but declined to say which ones. WIRED reached out last Friday to the 15 major companies on ONVIF’s member list named above to ask if they released specific patches for their gadgets – most did not respond or declined to comment.

What is most devastating about this vulnerability is how widespread it is, because it is in libraries that are widely used across millions of cameras. Updating all of the cameras that are likely affected is a gargantuan project.

This is a clear example of why segmenting your network or utilizing technology like Eagle Eye Camera Cyber Lockdown is critical. Eagle Eye Camera Cyber Lockdown isolates the cameras from other networks so that they can neither be maliciously attacked nor be utilized if they contain a trojan or other malware. We do not expect that many manufacturers are equipped or organized to do a quick firmware release across all their camera models to patch this vulnerability.

You can read the WIRED article regarding the Devil’s Ivy vulnerability here:
https://www.wired.com/story/devils-ivy-iot-vulnerability/
