The Devil’s Ivy May Be in the Details and Floating Around in Your IOT Refrigerator Device

Redport Information Assurance
It has been recently reported in Hacker News that security researchers from Senrio have discovered yet another critical vulnerability in the Internet of Things (IOT). The vulnerability known as CVE-2017-9765 resides in a software library named the Simple Object Access Protocol (gSOAP) toolkit. It’s an advanced C/C++ auto-coding tool for developing XML web based services and applications. The vulnerability is being called “Devil’s Ivy”. It is a stack buffer overflow vulnerability which allows remote threat actors to crash SOAP WebServices and enable them to execute remote arbitrary code on vulnerable IOT devices such as your internet connected refrigerator located in your kitchen. However, Senrio states that the most vulnerable devices have been SLR cameras. It has been known that IOT devices remain to be the weakest in terms of standing up to cyber vulnerabilities. Therefore, Sue Gonzalez, Redport Information Assurance Director of Cyber Programs advises that users should always keep their internet-connected devices updated and if possible, away from the public internet. Vendors have been recently made aware of the “Devils Ivy” vulnerability so that vendors can work on patches and updates in order to fix the security hole. There has not been a release date announced, therefore users must checked their vendors web sites for updates.

By Dr. Randall Sylvertooth

Reference:
http://thehackernews.com/2017/07/gsoap-iot-device-hacking.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1538.qe0ao065ex.x6a


For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

Gaithersburg, MD, USA