Windows 10: Millions of IoT devices hit by 'Devil's Ivy' bug in open source code


  1. Posts : 19,365
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       21 Jul 2017 #1

    Millions of IoT devices hit by 'Devil's Ivy' bug in open source code


    A flaw in a widely-used code library known as gSOAP has exposed millions of IoT devices, such as security cameras, to a remote attack.

    Researchers at IoT security firm Senrio discovered the Devil's Ivy flaw, a stack buffer overflow bug, while probing the remote configuration services of the M3004 dome camera from Axis Communications. The bug occurs when sending a large XML file to a vulnerable system's web server.
    Millions of IoT devices hit by 'Devil's Ivy' bug in open source code library | ZDNet
      My ComputerSystem Spec


  2. Posts : 1,689
    W7 Ultimate SP1 (64 bit), LM 18.3 MATE (64 bit), W10 Home (64 bit)
       21 Jul 2017 #1

    I've been saying for years that IoT is a horrible nightmare.

    It should never have been allowed, given all the security issues with PCs and phones.

    Until commercial software is treated the same way as real products we will keep having these problems.
      My ComputerSystem Spec

  3.    21 Jul 2017 #2

    lehnerus2000 said: View Post
    It should never have been allowed, given all the security issues with PCs and phones.
    "Allowed"? Who exactly is the arbiter of what can and cannot be placed on the internet?
      My ComputerSystem Spec


  4. Posts : 95
    Windows 10 Pro for Workstations
       21 Jul 2017 #3

    We have 3 Foscam cameras (1 in our 4-year-old's bedroom, her playroom, and one in the basement where we keep our dogs). Initially, I had them set up so that they were directly accessible on the net (I was using an app called Babycam Monitor to access it). I quickly learned of the vulnerabilities and decided to close the cameras. I disabled UPnP and disabled port forwarding on my router (Ubiquiti UniFi USG-Pro). Now I can only access them via connection to my OpenVPN server. The OpenVPN server is the only port open.

    I have a ton of IoT devices, which I've separated into VLAN's. Nokia WiFi scale, Chamberlain garage door openers, Samsung washer/dryer, Amazon Dash buttons, Alexa devices, etc. It makes my life much easier, but I'm aware of the risks. I try to keep them as up-to-date as possible and try to keep them from connecting to my main network.

    This is just a risk I take in order to make my life more convenient. Sooner or later I'm sure I will be hit despite all the security measures I've taken.
      My ComputerSystem Spec


  5. Posts : 1,689
    W7 Ultimate SP1 (64 bit), LM 18.3 MATE (64 bit), W10 Home (64 bit)
       22 Jul 2017 #4

    Mystere said: View Post
    "Allowed"? Who exactly is the arbiter of what can and cannot be placed on the internet?
    The same ones who demand that you obey the law and pay your taxes.
      My ComputerSystem Spec

  6.    23 Jul 2017 #5

    "Allowed"? Who exactly is the arbiter of what can and cannot be placed on the internet?
    The same ones who came down hard on the child who was selling lemonade, to protect the child and deter others from taking on such risks. The same ones who issue licenses and certifications to businesses to ensure consumers at the least have an appearance of protection.

    Regarding IoT, there is no appearance of protection. Someone like ericnxmd can protect himself to some degree. The rest of us require the governance to protect us.
      My ComputerSystem Spec


 

Related Threads
Solved Windows 10 Source Code leak in General Support
https://www.theregister.co.uk/2017/06/23/windows_10_leak/?mt=1498255659291
Hello all, I will try to explain my problem as clear as I can. I am not super tech savvy, so I need your help. I found a thread that seemed to have the same problem but it did not fix mine. Before I upgraded from Windows 8.1 to 10, everything...
This is a notepad app I'm planning to add to it a new features this is just a hobby Dropbox - Notes.7z
Hi Everyone, I'm new here, having recently updated from Windows 7 to 10. All seemed fine for a while then a major problem happened - lost a week trying to solve it so far! My source code is in a CodeBlocks 'window ', that has moved of its...
Read more: Why Avast won't show source code to the government, but others do | ZDNet
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:01.
Find Us