19 Jul 2017

After discovering a potentially devastating bug in the code they use in their video cameras, a maker of high-end security cameras, Axis Communications, has taken the lead in patching an issue that, if exploited, would allow the hacker to crash or even take remote control of the device.

Hopefully others in the industry will follow suit – and quickly.

The flaw is not in their product, but rather in the code that is used in the devices.  It is open-source, third-party code and is found in an innumerable number of electronic products – like security cameras. This type of “code library” is called gSOAP and is maintained by the company, Genivia.  The code is not only reusable but is popular as well, because it allows “Internet of Things” (IoT) devices – like security cameras – to communicate with each other.  This is great, but it does not come without a cost.

If code such as this is exploited, cybercriminals could turn the ability to communicate against the owner.  By running malicious code, the attacker could black out videos or even crash the system.  

As such, Genivia unveiled updated code on June 21, 2017, that fixes the vulnerability.  Gevivia CEO Robert Van Engelen has stated publicly that the company has contacted all of its clients, as a majority of the customers utilize gSOAP in their products.  However, according to Engelen, most of the users are not impacted by the issue.

Since then, however, one affected client, Axis, has already released a patch to plug the hole that was found in hundreds of it electronic products, and it would be a good idea for others who are vulnerable to follow suit.  

That being said, it is likely that not all will, and there is no way for those purchasing the products to tell whether or not it has been done.

According to a report issued by the security company, Senrio, who discovered the flaw, “On Sourceforge, gSOAP was downloaded more than 1,000 times in one week, and 30,000 times in 2017. Once gSOAP is downloaded and added to a company’s repository, it’s likely used many times for different product lines.” This means that there are likely to be hundreds of millions potentially vulnerable devices that are likely to go unpatched.

The trend to hack IoT devices has been steadily gaining over the past year, and if these companies leave their products unpatched AND connected to the internet, the results can be potentially devastating.  In addition to the threats highlighted about, It also leaves them completely vulnerable to malware that could use the devices to deploy more denial-of-service (DoS) attacks, as well.  While this flaw does not increase the vulnerability to the DoS malware, it does not make them any less vulnerable, either.

So what can you do to protect yourself from IoT threats?

  • Attach your surveillance devices to a secure Video Management System, as opposed to connecting the devices directly to the Internet.  This one step will practically eradicate any vulnerability your devices may have.
  • Change all factory settings and choose secure passwords.
  • Always update software, in order to stay ahead of the threats.

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews.
    Jeremy Richards
    Jeremy Richards
    2020-03-13
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    2020-02-14
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    2020-01-25
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    2020-01-14
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    2020-01-14
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    2020-01-10
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    2020-01-10
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    2020-01-09
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    2020-01-03
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!
    Richard Brunet
    Richard Brunet
    2019-12-30

    SCHEDULE AN APPOINTMENT

    Make It Happen Now

    CLIENT SUPPORT

    Don't Feel Stranded

    CONSULTATION

    Get Best Advice

    PAYMENTS

    Make A Payment

    Top