Devil’s Ivy Update

In July 2017, cyber security researchers discovered a serious flaw, which they named “Devil’s Ivy”, that exists in nearly all cameras supporting the popular ONVIF specification. The flaw allows hackers to take full control of ONVIF-compliant cameras.

Most camera makes and models are vulnerable, including top brand high-quality cameras. Within days a few major manufacturers issued firmware updates that correct the flaw. It is up to camera owners and servicing contractors to update the cameras. There is no telling which manufacturers will make firmware corrections for their cameras, or how many of the millions of vulnerable installed cameras will actually be updated.

When vulnerable cameras and recorders can be contacted directly from the Internet, they can be easily attacked and exploited by cyber criminals and other attackers. Strong cyber security controls and constant vigilance are needed to avoid recorders being compromised. Any device connected to the Internet is typically attacked or probed hundreds of times per day, especially DVRs and NVRs, as they are a high-value target.

This is a clear example of why segmenting your network or utilizing technology like Eagle Eye Camera Cyber Lockdown is critical. Eagle Eye Camera Cyber Lockdown isolates the cameras from other networks so that they cannot be maliciously attacked nor utilized if they contain a trojan or other malware.

Eagle Eye Networks

Since 2012, Eagle Eye Networks has provided smart cloud surveillance solutions, leveraging AI to drive natural language search, automation, and more. Eagle Eye’s camera-agnostic approach heightens security while saving money, time, and resources.