Posts Tagged ‘IOT’

Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Wednesday, July 19th, 2017

Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of Internet-of-Things devices, leaving millions of devices vulnerable to hacking.

The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development library called gSOAP toolkit (Simple Object Access Protocol), an advanced C/C++ auto-coding tool for developing XML Web services and XML applications.

Dubbed “Devil’s Ivy,” the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP WebServices daemon and could be exploited to execute arbitrary code on the vulnerable devices.

The Devil’s Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications.

“When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed,” researchers say.

“Since these cameras are meant to secure something, like a bank lobby, this could lead to collection of sensitive information or prevent a crime from being observed or recorded.”

Axis confirmed that the vulnerability exists in almost all of its 250 camera models (you can find the complete list of affected camera models here) and quickly released patched firmware updates on July 6th to address it, prompting partners and customers to upgrade as soon as possible.

However, researchers believe that their exploit would work on internet-connected devices from other vendors as well, as the affected software is used by Canon, Siemens, Cisco, Hitachi, and many others.

Axis immediately informed Genivia, the company that maintains gSOAP, about the vulnerability and Genivia released a patch on June 21, 2017.

The company also reached out to electronics industry consortium ONVIF to ensure that all of its members that make use of gSOAP, including Canon, Cisco, and Siemens, become aware of the issue and can develop patches to fix the security hole.

Internet of Things (IoT) devices have always been the weakest link and, therefore, an easy entry point for hackers to get into secured networks. So it is always advisable to keep your Internet-connected devices updated and away from the public Internet.

Source: Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Samsung unveils prototype health device a week before Apple’s expected Healthbook launch | mobihealthnews

Thursday, May 29th, 2014

One week before Apple’s World Wide Developer Conference, where the company is widely expected to announce its rumored Healthbook app, Samsung hosted an event called Voice of the Body in San Francisco to show off a couple of digital health projects.

The two new digital health projects included Simband, an “investigational device” (not a product) that is stocked with a variety of health sensors and has room for third-party developers to add their own. Samsung also unveiled Samsung Architecture Multimodal Interactions, or SAMI, which it described as a “data broker” to which future devices based on the Simband and other third-party health tracking devices could upload data, which app developers could then use to create new apps.

During his presentation Samsung Electronics’ Young Sohn, president and chief strategy officer of device solutions at the company, said that consumer-driven digital health has had three generations so far. The last five years were all about smartphone health apps, while the second generation — the one we’re in now — is focused on connected fitness devices. Next, digital health is moving into the wearable sensor era.

via Samsung unveils prototype health device a week before Apple’s expected Healthbook launch | mobihealthnews.