Close this search box.

Flaw leaves 83 million IoT smart devices at risk of exposure


Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things (IoT) devices, one that exposes live video and audio streams to eavesdropping threat actors and which could enable attackers to take over control of devices, including security webcams and connected baby monitors. The bug is in ThroughTek’s Kalay network, used in 83 million devices.

This vulnerability, discovered by researchers on Mandiant’s Red Team, tracked as CVE-2021-28372 and FEYE-2021-0020 and assigned a critical CVSS3.1 base score of 9.6, was found in devices connected via ThroughTek’s Kalay IoT cloud platform.

The company explained that the vulnerability would enable cyber adversaries to remotely compromise the victims IoT device, resulting in the ability to listen to live audio, watch real-time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.

It has been strongly advised that users of IoT devices keep their device software and applications up to date by using complex, unique passwords for any accounts associated with these devices and to avoid connecting to affected devices from untrusted networks, such as public Wi-Fi.

Read more of our news stories here!

CTS The industrialisation of IT
CTS - Industrialisation of IT
Related Posts
CTS The industrialisation of IT
Others have also viewed

UK businesses see boosting connectivity as integral to growth

Study reveals a great opportunity for alternative network providers (AltNets) to meet growing demand for ...

Germany Energy Efficiency Act demonstrates importance of data centre supply chain collaboration

Following the signing into law of Germany’s Energy Efficiency Act (EnEfG), energy solutions specialist Aggreko ...

Systemair look to Infor’s cloud solution to deliver more sustainable products

Systemair is moving its core business system to Infor CloudSuite Manufacturing, aiming at smoother integration ...
Data Centre

Vertiv collaborates with Intel on liquid cooled solution

Vertiv is collaborating with Intel to provide a liquid cooling solution that will support the ...