Flaw leaves 83 million IoT smart devices at risk of exposure


Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things (IoT) devices, one that exposes live video and audio streams to eavesdropping threat actors and which could enable attackers to take over control of devices, including security webcams and connected baby monitors. The bug is in ThroughTek’s Kalay network, used in 83 million devices.

This vulnerability, discovered by researchers on Mandiant’s Red Team, tracked as CVE-2021-28372 and FEYE-2021-0020 and assigned a critical CVSS3.1 base score of 9.6, was found in devices connected via ThroughTek’s Kalay IoT cloud platform.

The company explained that the vulnerability would enable cyber adversaries to remotely compromise the victims IoT device, resulting in the ability to listen to live audio, watch real-time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.

It has been strongly advised that users of IoT devices keep their device software and applications up to date by using complex, unique passwords for any accounts associated with these devices and to avoid connecting to affected devices from untrusted networks, such as public Wi-Fi.

Read more of our news stories here!

Related Posts
Others have also viewed

Businesses fail to achieve highly resilient connectivity as commodity IoT providers fail to deliver

A new State of IoT Adoption report launched today by Eseye, a leading global IoT ...

AI-powered computer vision enhances safety in industrial workplaces

RoboK, a startup applying AI-powered computer vision to logistics and industrial workplaces, has announced $2.1 ...

2m UK university and research facility credentials hacked

2.2 million personal credentials are available on the dark web stolen from the top 100 ...
disaster recovery

Disaster recovery market worth $31.6bn by 2030

The disaster recovery-as-a-service market is projected to reach $31.6bn by 2030 according to a new ...