gSOAP is a open-source code library which allows hardware to be configured and controlled via web connections and is used by hundreds of companies including Axis, Microsoft, IBM, Adobe and Xerox. It has a vulnerability which allows an attacker to trigger a stack overflow by sending a specific POST command over port 80 to a device, which in the case of cameras allows you to watch the live feed. The vulnerability was patched in an update to gSOAP so future products will not have this issue, however any camera built on that library which currently in use is vulnerable. The manufacturers would have to create an update to their own software and push it out to all the cameras currently in use to resolve this issue, and if there is one thing we know for sure about IoT products, it is that these patches do not tend to be created, let alone pushed out.

For more depressing details you can pop by The Register.

"Security researchers investigating internet-connected video cameras have uncovered a bug that could conceivably leave millions of devices open to easy pwnage."

Here is some more Tech News from around the web:

Tech Talk