myhack58 | Anonymous | MYHACK58:62201788024
Jul 20, 2017 - 12:00 a.m.

“Devil’s Ivy” vulnerability disclosed in the gSOAP open-source software development library, millions of IoT devices in jeopardy

www.myhack58.com

Remember the Avanti vending machine vulnerability a few days ago, which leaked a large amount of user information? It did not take long for another attack on IoT devices to appear. This time the victim is an open-source software library used to develop IoT devices, and millions of IoT devices may be affected.
Security researchers found a severe remote code execution vulnerability in gSOAP, an open-source software development library used by a large number of IoT device developers, that could affect millions of IoT devices.
![](/Article/UploadPic/2017-7/20177201572551.png?www.myhack58.com)
gSOAP is a dual-licensed library, available both for free and for commercial use, developed and maintained by Genivia. SOAP is the acronym for Simple Object Access Protocol. gSOAP is a C/C++ library widely used in embedded device firmware development. According to Genivia’s official website, the gSOAP library helps manufacturers “develop products that conform to the latest industry standards, such as XML, XML Web services, WSDL, SOAP, REST, JSON and WS-Security.”
Researchers at the IoT security company Senrio were the first to find this vulnerability in gSOAP. It is tracked as CVE-2017-9765 and was named “Devil’s Ivy”. Devil’s Ivy is a stack buffer overflow that may allow an attacker to remotely mount a denial-of-service (DoS) attack on the SOAP web services daemon and to execute arbitrary code on a vulnerable device.
According to Senrio, the vulnerability was named Devil’s Ivy because, like the plant, it is hard to kill and spreads quickly, in this case through code reuse. The vulnerability exists in a third-party toolkit that has been downloaded millions of times, so it can affect millions of IoT devices and is very difficult to eliminate.
Axis security cameras are the main target
The researchers first found Devil’s Ivy while analyzing the Axis M3004 security camera. The attack targets networked security cameras developed by Axis Communications; the video below demonstrates the entire attack process.

Using Devil’s Ivy, an attacker can remotely access the video feed or prevent the legitimate user from accessing the video.
These cameras are mainly used for security, for example to monitor bank lobbies. A compromised camera could lead to the disclosure of sensitive information, or leave supervisors unable to detect or record a crime, so that criminal evidence is lost.
Using the reverse-engineering tool IDA Pro, the researchers examined some details of the Devil’s Ivy attack:
![](/Article/UploadPic/2017-7/20177201572413.png?www.myhack58.com)
Vulnerability and fix
Axis confirmed that 249 of its 252 camera models are affected by Devil’s Ivy and released firmware upgrades on June 6 to fix the vulnerability. Affected users should upgrade immediately.
The following is the full list of camera models. Users can check the list to identify their own camera model and take the appropriate remediation measures.
![](/Article/UploadPic/2017-7/20177201572217.png?www.myhack58.com)
![](/Article/UploadPic/2017-7/20177201573247.png?www.myhack58.com)
After the vulnerability was found, Axis immediately reported it to Genivia, the company that maintains gSOAP. Genivia released a patch on June 21, and ONVIF was contacted so that all ONVIF members using gSOAP, including Canon, Cisco and Siemens, were notified of the vulnerability and urged to fix it as soon as possible. ONVIF, the Open Network Video Interface Forum, is an international non-profit organization formed voluntarily by a group of hardware manufacturers that often publishes IT technologies and solutions.
Although Axis has fixed Devil’s Ivy in its products, the researchers are still worried: they believe the vulnerability may also affect other IoT devices, since major manufacturers such as Canon, Siemens, Cisco and Hitachi all use the gSOAP library. Moreover, gSOAP has a huge user base among IoT developers. Genivia states on its official website that gSOAP has been downloaded more than 100 million times.
Senrio, the company that discovered the vulnerability, analyzed the available information and found that about 6% of ONVIF members use gSOAP to develop their products. Senrio infers that millions of devices may be affected by Devil’s Ivy.
![](/Article/UploadPic/2017-7/20177201573138.png?www.myhack58.com)
Responding to IoT attacks
The networked devices we are most familiar with in daily life may be personal computers and mobile phones, but in fact everything from traffic lights at large intersections to small wrist wearables is an IoT device. IoT devices pervade every aspect of our lives, and their security issues cannot be ignored.
In recent years IoT device vulnerabilities have been frequent, making these devices arguably the weakest link in network security. Attackers often exploit IoT device vulnerabilities to break into secured networks and cause more serious damage. In light of the Devil’s Ivy discovery, Senrio offers some recommendations for IoT security:
1. Do not connect physical security devices to the public network: on July 1, a Sudanese researcher said that more than 14,700 Axis dome surveillance cameras were vulnerable, with anyone able to access the surveillance video. In fact, any camera with the Devil’s Ivy vulnerability is very easy to exploit. Devices such as security cameras should be connected to a private network to reduce the chance of intrusion.
2. Take as many protective measures for IoT devices as possible: placing IoT devices behind a firewall or using NAT (network address translation) reduces their exposure and improves the chances of detecting threats.
3. Update and patch promptly: vulnerabilities are inevitable. When one is disclosed, what users can do is download the update as soon as a patch is released and apply the fix promptly.
For manufacturers, joining groups such as ONVIF can be a great benefit. Such groups enable rapid, coordinated emergency response that limits losses in a timely and effective way, as well as more sharing of technology and threat intelligence, reducing security risks as far as possible.