Senrio in the News

Senrio: Exclusive Sponsor of the 2017 Pwnie Awards

7/26/2017

The Sixth Year in a Row Our Trainings Sell Out at Black Hat

7/22/2017

If you want to learn how to reverse engineer or exploit embedded systems and mobile devices, we can show you!

ZDNet Coverage of Senrio's Devil's Ivy Vulnerability

7/20/2017

Read the full article at ZDNet.

Millions of IoT devices are vulnerable to widespread bug

7/19/2017

Researchers have found that security cameras using an open-source code called gSOAP could be easily hacked and that attackers can send commands remotely. This allowed the researchers at Senrio, a security firm focused on the internet of things, to take over a video feed, pause the recording and turn the camera off.

Read more at CNET

COO, Michael Tanji in Wired report on Senrio IoT Vulnerability Research

7/18/2017

Read the full article at Wired.

Vice Reporting on Senrio Devil's Ivy Vulnerability

7/18/2017

"We basically have complete control of the camera as if it was our own computer," said Stephen Ridley, founder of security startup Senrio in a phone call with Motherboard.

Read the full article at Vice.

Zero-Day Exploit Surfaces that May Affect Millions of IoT Users

7/18/2017

Senrio, which made the discovery when researching Axis security cameras, found the flaw in the communications layer of gSOAP, an XML web services development tool. gSOAP allows devices to communicate with the Internet.

Read more at Dark Reading

Brian Krebs: Experts in Lather Over 'gSOAP' Security Flaw

7/17/2017

Axis Communications — a maker of high-end security cameras whose devices can be found in many high-security areas — recently patched a dangerous coding flaw in virtually all of its products that an attacker could use to remotely seize control over or crash the devices.

The problem wasn’t specific to Axis, which seems to have reacted far more quickly than competitors to quash the bug. Rather, the vulnerability resides in open-source, third-party computer code that has been used in countless products and technologies (including a great many security cameras), meaning it may be some time before most vulnerable vendors ship out a fix — and even longer before users install it.

Still, there are almost certainly dozens of other companies that use the vulnerable gSOAP code library and haven’t (or won’t) issue updates to fix this flaw, says Stephen Ridley, chief technology officer and founder of Senrio — the security company that discovered and reported the bug. What’s more, because the vulnerable code is embedded within device firmware (the built-in software that powers hardware), there is no easy way for end users to tell if the firmware is affected without word one way or the other from the device maker.

Read the full article