Critical security gap: attackers could spy on millions of IoT devices


Attackers could take full control of millions of IoT devices directly over the internet. The starting point is a critical vulnerability in a software development kit (SDK) used on countless baby monitors, digital video recorders, and IP cameras, among others. After a successful attack, attackers could spy on video streams, for example. The vulnerability (CVE-2021-28372) is classified with the threat level "critical".

Specifically affected is the Kalay P2P SDK from software maker ThroughTek, which makes IoT devices accessible online through the Kalay network. There is a secure version of the SDK, but since the SDK is used on countless IoT devices from many different manufacturers, patching is not easily possible. It is currently not known how many devices are affected in total. The discoverers of the vulnerability, from Mandiant, write in a report that the SDK is used on 83 million active IoT devices. There are said to be over a billion connections to the Kalay network each month.

Manufacturers should switch to the repaired SDK version immediately. They must also protect data transmission using DTLS and strengthen authentication using AuthKey.

It is especially important that manufacturers provide security updates so that owners of affected devices can update them and thus keep them secure. Due to the fragmentation, however, it can be assumed that this will only happen very slowly or not at all. This update problem is the biggest open issue with IoT devices.

To exploit the vulnerability successfully, attackers must have extensive knowledge of the Kalay protocol and be able to use it to send messages to vulnerable devices. They would also need to know the UIDs of the devices. That should not be possible via brute-force attacks, however. According to the security researchers, attackers could obtain UIDs through social engineering.

If an attacker has a UID, they can overwrite a device registered in the Kalay network. As a result, all data sent by the device, such as video streams, ends up with the attacker. In this position, the attacker could also record login data. This would allow them to connect to IoT devices and compromise them completely.

Anyone with IoT devices should always make sure that the devices are up to date. In addition, systems should only be made accessible via the internet if there really is no other way. If this is unavoidable, strong passwords should be used. An encrypted VPN connection that only selected users are allowed to use also provides more security. It is also a good idea to shield IoT devices with firewalls.

