{"id":17874,"date":"2017-07-24T09:15:14","date_gmt":"2017-07-24T14:15:14","guid":{"rendered":"http:\/\/www.eagleeyenetworks.com\/?p=17874"},"modified":"2020-08-11T14:04:05","modified_gmt":"2020-08-11T19:04:05","slug":"devils-ivy-likely-widespread","status":"publish","type":"post","link":"https:\/\/www.een.com\/nb\/blog\/devils-ivy-likely-widespread\/","title":{"rendered":"Devil&#8217;s Ivy Likely Widespread"},"content":{"rendered":"<p>A recently discovered vulnerability labeled \u201cDevil\u2019s Ivy\u201d is expected to impact millions of cameras that support the ONVIF protocol.<\/p>\n<p>The initial exploit was discovered on an Axis Camera and then found on 249 different Axis camera models &#8211; but the problem goes well beyond Axis Cameras. \u00a0The code\u00a0vulnerability is in gSOAP, which is widely used by ONVIF members\u00a0to implement ONVIF on cameras. \u00a0The ONVIF consortium includes nearly 500 members and includes companies such as Bosch, Canon, Cisco, D-Link, Fortinet, Hitachi, Honeywell, Huawei, Mitsubishi, Netgear, Panasonic, Sharp, Siemens, Sony, and Toshiba.<\/p>\n<p>In a phone call with WIRED, Genivia founder and gSOAP creator Robert van Engelen said 34 ONVIF companies used gSOAP as paying customers, but declined to say which ones. WIRED reached out last Friday to the 15 major companies on ONVIF&#8217;s member list named above to ask if they released specific patches for their gadgets &#8211; most did not respond or declined to comment.<\/p>\n<p>What is most devastating about this venerability is how widespread it is because it is\u00a0in libraries that are widely used across millions of cameras.\u00a0 Updating those cameras likely\u00a0affected is a gargantuan project.<\/p>\n<p>This is a clear example of why segmenting your network or utilizing technology like Eagle Eye Camera Cyber Lockdown is critical.\u00a0Eagle Eye Camera Cyber Lockdown isolates the cameras from other networks so that they cannot be maliciously attacked nor utilized if they contain a trojan or other malware. \u00a0We do not expect that many manufacturers are equipped or organized to do a quick firmware release across all their camera models to patch this vulnerability.<\/p>\n<p>You can read the WIRED article regarding the Devil&#8217;s Ivy vulnerability here:<br \/>\n<a href=\"https:\/\/www.wired.com\/story\/devils-ivy-iot-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\" data-saferedirecturl=\"https:\/\/www.google.com\/url?hl=en&amp;q=https:\/\/www.wired.com\/story\/devils-ivy-iot-vulnerability\/&amp;source=gmail&amp;ust=1500732586910000&amp;usg=AFQjCNESJXFv56uY29jpZVYq765QUi6JUg\">https:\/\/www.wired.com\/story\/<wbr \/>devils-ivy-iot-vulnerability\/<\/a><\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignleft size-full wp-image-17875\" src=\"https:\/\/www.een.com\/wp-content\/uploads\/2017\/07\/devils-ivy.jpg\" alt=\"devils-ivy\" width=\"800\" height=\"420\" srcset=\"https:\/\/www.een.com\/wp-content\/uploads\/2017\/07\/devils-ivy.jpg 800w, https:\/\/www.een.com\/wp-content\/uploads\/2017\/07\/devils-ivy-300x158.jpg 300w, https:\/\/www.een.com\/wp-content\/uploads\/2017\/07\/devils-ivy-100x53.jpg 100w, https:\/\/www.een.com\/wp-content\/uploads\/2017\/07\/devils-ivy-200x105.jpg 200w, https:\/\/www.een.com\/wp-content\/uploads\/2017\/07\/devils-ivy-400x210.jpg 400w, https:\/\/www.een.com\/wp-content\/uploads\/2017\/07\/devils-ivy-600x315.jpg 600w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A recently discovered vulnerability labeled \u201cDevil\u2019s Ivy\u201d is expected to impact millions of cameras that support the ONVIF protocol. The initial exploit was discovered on an Axis Camera and then &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.een.com\/nb\/blog\/devils-ivy-likely-widespread\/\"> <span class=\"screen-reader-text\">Devil&#8217;s Ivy Likely Widespread<\/span> Les mer &raquo;<\/a><\/p>\n","protected":false},"author":3155,"featured_media":17876,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"categories":[230],"tags":[1273,1276,1272],"class_list":["post-17874","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cloud-video-surveillance","tag-cybersecurity","tag-video-management-software"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/posts\/17874","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/users\/3155"}],"replies":[{"embeddable":true,"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/comments?post=17874"}],"version-history":[{"count":0,"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/posts\/17874\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/media\/17876"}],"wp:attachment":[{"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/media?parent=17874"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/categories?post=17874"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.een.com\/nb\/wp-json\/wp\/v2\/tags?post=17874"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}