Flaw leaves 83 million IoT smart devices at risk of exposure

IoT

Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things (IoT) devices, one that exposes live video and audio streams to eavesdropping threat actors and which could enable attackers to take over control of devices, including security webcams and connected baby monitors. The bug is in ThroughTek’s Kalay network, used in 83 million devices.

This vulnerability, discovered by researchers on Mandiant’s Red Team, tracked as CVE-2021-28372 and FEYE-2021-0020 and assigned a critical CVSS3.1 base score of 9.6, was found in devices connected via ThroughTek’s Kalay IoT cloud platform.

The company explained that the vulnerability would enable cyber adversaries to remotely compromise the victims IoT device, resulting in the ability to listen to live audio, watch real-time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices.

It has been strongly advised that users of IoT devices keep their device software and applications up to date by using complex, unique passwords for any accounts associated with these devices and to avoid connecting to affected devices from untrusted networks, such as public Wi-Fi.

Read more of our news stories here!

Related Posts
Others have also viewed

Silentnight Brands replace legacy planning tool to keep customers dreaming

Founded in 1946, Silentnight is the UK’s biggest bed manufacturer and an acknowledged superbrand. As ...

Dassault Systèmes aims to transform the sustainable innovation process

Dassault Systèmes has launched Sustainable Innovation Intelligence, its life cycle assessment solution that enables companies ...

Sustainability ambitions boosts supply chain investments

New research from Blue Yonder found that 97 per cent of organisations faced disruption over ...

Bold new initiative to accelerate the transformation of companies to the cloud

Claranet and critical application management, and Amazon Web Services (AWS) have formed a strategic collaboration ...