Every day, the world is becoming more connected. Our smart phones, our cars, even appliances in our homes are linked via the internet. Internet of Things (IoT) or Internet of Everything is shorthand for the opportunity to create new commercial value by making things smart. But, with the convenience that this may bring, it also brings security woes that stem from more than just connecting a bunch of gadgets to an internet teeming with hackers. Often, dozens of different vendors run the same third-party code across a wide assortment of products. That means a single bug can impact an astonishing number of different devices. Or, as one security company’s researchers recently found, vulnerability in a single internet-connected security camera can expose a flaw that leaves thousands of different models of device at risk.
Researchers recently found vulnerability in a camera manufactured by well-known and respected Axis. They discovered that a bug would allow a hacker to potentially disable it, install malware on it or even intercept or spoof its video stream. And the attack, they soon discovered, worked for not just that one camera model, but any of the 249 Axis offers. Axis quickly released a patch but cautioned that the bug wasn’t in Axis’s code, but rather in a code library distributed as part of a popular gSOAP developer platform that is used to implement a protocol called ONVIF, or Open Network Video Interface Forum, a networking language for security cameras and other physical security devices used by the ONVIF consortium, whose members include companies like Bosch, Canon, Cisco, D-Link, Honeywell, Mitsubishi, Netgear, Panasonic, Sharp, Siemens, Sony, and Toshiba.
The majority of vulnerable devices that use the ONVIF protocol hide behind firewalls and other kinds of network segmentation, making them harder to find and exploit. But this issue should remind us of the importance of security on all of the computerized devices we’ve come to rely on in our homes, workplaces and our everyday lives. There’s something quite ironic about devices we purchase to help make us more secure; from home security systems to the more sophisticated large campus video surveillance systems, being used as a tool against us – but that is the reality of today. If security of these devices wasn’t a concern when you had them installed, it should be now and Safer Places can help. If you have concerns, please contact us for a free, no-obligation discussion about your options.