83 million IoT devices at risk of hacking
The vulnerability could enable threat actors to listen in on private conversations and watch live video streams
18 August 2021 | 0
At least 83 million Internet of Things (IoT) devices around the world could be at risk of hacking, potentially enabling threat actors to listen in on private conversations and watch live video streams from baby monitors and smart cameras.
That’s according to new findings from Mandiant, a cyber security company and subsidiary of FireEye.
Mandiant security researchers Jake Valletta, Erik Barzdukas, and Dillon Franke discovered a vulnerability that affects IoT devices that use the Kalay network platform manufactured by Taiwanese IoT and M2M (machine-to-machine) solutions provider ThroughTek.
Tracked as CVE-2021-28372, the vulnerability affects a core component of the Kalay platform, allowing hackers to “listen to live audio, watch real-time video data, and compromise device credentials for further attacks based on exposed device functionality”, according to the researchers.
Although Mandiant was not able to pinpoint the affected devices, its researchers noted that ThroughTek has at least 83 million active devices as well as an estimated 1.1 billion monthly connections on its Kalay platform, with all of them potentially being exposed to hackers.
Mandiant disclosed the vulnerability to the US’ Cybersecurity and Infrastructure Security Agency (CISA), which has published an advisory report on the issue that recommends that users disconnect their ThroughTek devices from the Internet, isolate them from the business networks, and to only connect to devices through virtual private networks (VPN).
The discovery of CVE-2021-28372 by Mandiant comes two months after Nozomi Networks researchers discovered a similar flaw affecting ThroughTek’s P2P SDK, which is used to provide remote access to audio or video streams over the internet.
© Dennis Publishing
Professional Development for IT professionals
The mission of the Irish Computer Society is to advance, promote and represent the interests of ICT professionals in Ireland. Membership of the ICS typically reduces courses by 20%. Find out more