Critical bug impacting millions of IoT devices lets hackers spy on you

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,957
Content source
https://www.bleepingcomputer.com/news/security/critical-bug-impacting-millions-of-iot-devices-lets-hackers-spy-on-you/
Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek’s Kalay IoT cloud platform.

The security issue impacts products from various manufacturers providing video and surveillance solutions as well as home automation IoT systems that use the Kalay network for easy connectin and communication with a corresponding app.

A remote attacker could leverage the bug to gain access to the live audio and video streams, or to take control of the vulnerable device.
Click to expand...
Researchers at Mandiant’s Red Team discovered the vulnerability at the end of 2020 and worked with the U.S. Cybersecurity and Infrastructure Security Agency and ThroughTek to coordinate the disclosure and create mitigation options.

Tracked as CVE-2021-28372, the issue is a device impersonation vulnerability that received a severity score of 9.6 out of 10. It affects the Kalay protocol that is implemented as a software development kit (SDK) that is built into mobile and desktop applications.

Mandiant’s Jake Valletta, Erik Barzdukas, and Dillon Franke looked at ThroughTek’s Kalay protocol and found that registering a device on the Kalay network required only the device’s unique identifier (UID).
Click to expand...
www.bleepingcomputer.com

Critical bug impacting millions of IoT devices lets hackers spy on you

Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
  • Thanks
Reactions: Mercenary, Nevi, show-Zi and 5 others
show-Zi

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,493
These risks are expected to attract attention only after they become widely used. Most of the current IoT conversation is about convenience, and I don't think there's a lot of talk about these dangers.
 
  • Like
Reactions: CyberTech and Nevi
CyberTech

CyberTech

Level 40
Verified
Top Poster
Well-known
Nov 10, 2017
2,871
I really hate when this happened! i wish we could go back to 2000s it was really good tbh 😭
 
You must log in or register to reply here.

Similar threads

LASER_oneXM
Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks
Replies
0
Views
353
News Archive
LASER_oneXM
LASER_oneXM
Correlate
    • Like
    • +Reputation
Exploit out for critical Realtek flaw affecting many networking devices
Replies
1
Views
519
News Archive
upnorth
upnorth
CyberTech
    • Like
    • +Reputation
What's on your network? These are the devices most at risk of getting hacked
Replies
0
Views
277
News Archive
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top