camera with ivy

Is the gSOAP Vulnerability Really a Surprise for IP camera users?

It has recently been identified and reported that the ubiquitous gSoap library used in many vendors IP cameras is subject to a stack buffer overflow vulnerability (CVE-2017-9765), referred to as Devil’s Ivy by the discoverers Senrio Labs. Devil’s Ivy results in remote code execution, and was found in an open source third-party code library, from gSOAP. When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed. This has resulted in widespread concern, however should the existence and widespread exposure to this sort of problem really be a surprise? There have been a number of estimates for the ratio of number…

Remote Monitoring Station

The Real Price of Using Open IP Security Cameras

The real price of using “open” IP security cameras? Whether the concerns arise from foreign owned manufacturers compromising CCTV devices, or CCTV devices being compromised by any attacker, media reports highlight the inevitable concerns and risks of utilising generic open source services and libraries in an ‘unattended’ security appliance such as a camera. This is of course seriously compromised further when there are fixed ‘back door’ root shell passwords, or nearly as bad are widely publicized generic passwords, which give the user a completely false impression that their products are in fact protected. The NetVu software philosophy for some years now is that such default passwords are very dangerous, and…