Eagle Eye Networks

Devil’s Ivy Update

August 8, 2017 Eagle Eye Networks

devils-ivy-update-fi

In July 2017, cyber security researchers discovered a serious flaw, which they named “Devil’s Ivy”, that exists in nearly all cameras supporting the popular ONVIF specification. The flaw allows hackers to take full control of ONVIF-compliant cameras.

Most camera makes and models are vulnerable, including top brand high-quality cameras. Within days a few major manufacturers issued firmware updates that correct the flaw. It is up to camera owners and servicing contractors to update the cameras. There is no telling which manufacturers will make firmware corrections for their cameras, or how many of the millions of vulnerable installed cameras will actually be updated.

When vulnerable cameras and recorders can be contacted directly from the Internet, they can be easily attacked and exploited by cyber criminals and other attackers. Strong cyber security controls and constant vigilance are needed to avoid recorders being compromised. Any device connected to the Internet is typically attacked or probed hundreds of times per day, especially DVRs and NVRs, as they are a high-value target.

This is a clear example of why segmenting your network or utilizing technology like Eagle Eye Camera Cyber Lockdown is critical. Eagle Eye Camera Cyber Lockdown isolates the cameras from other networks so that they cannot be maliciously attacked nor utilized if they contain a trojan or other malware.

devils-ivy

Other posts that might interest you

loading

145,000 DVRs Compromised

Several articles, including one by the Wall Street Journal, have recently reported that approximately 145,000 hacked DVRs and cameras were used to create some of the largest denial of service…

September 30, 2016 Eagle Eye Networks

Are You Afraid of Your DVR?

You should be if it's connected to the internet. It could be the doorway for hackers to access your entire network. Once a DVR is compromised, it can be used…

October 31, 2016 Eagle Eye Networks

DDOS Cyber Attacks Update

Last week hackers forced Brian Krebs to take down his security journalism site because of a large scale Denial of Service Attack - likely one of the largest ever seen.…

September 29, 2016 Eagle Eye Networks