Security researchers working with the Cybersecurity and Infrastructure Security Agency (CISA) have disclosed a critical vulnerability that affects millions of Internet of Things (IoT) devices.
Disclosed by security vendor Mandiant, the vulnerability impacts IoT devices that are powered by ThroughTek’s Kalay platform, which is often used by IoT camera manufacturers, as well as in smart baby monitors and Digital Video Recorder (DVR) products.
“This vulnerability, discovered by researchers on Mandiant’s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality,” explained Mandiant.
Notably, this isn’t the first time CISA has had to step in to help plug a critical vulnerability in ThroughTek devices. A vulnerability detected by Nozomi Networks equipped hackers with just about the same snooping capabilities as the current vulnerability, minus the ability to control affected devices remotely.
Giving a high-level overview of the latest vulnerability, the researchers explain that it can be exploited by attackers to remotely communicate with and even control the affected IoT devices.
“At the time of writing this blog post, ThroughTek advertises having more than 83 million active devices and over 1.1 billion monthly connections on their platform,” say the researchers, who cannot pin down an exact number because of how the Kalay platform is integrated into devices.
Perhaps the only saving grace is that remotely compromising the affected devices isn’t straightforward. According to the researchers, an attacker would not only need comprehensive knowledge of the Kalay protocol but would also have to trick users into handing over their Kalay unique identifiers (UIDs).
As such, the vulnerability earned a severity score of just 3.1/9.6 by the Common Vulnerability Scoring System (CVSS).
ThroughTek has already patched the vulnerability, and the researchers urge companies with products based on the Kalay platform to make sure they are using Kalay SDK v126.96.36.199 or v188.8.131.52, while also enabling the platform’s Authkey and Datagram Transport Layer Security (DTLS) features.