LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices

2 years ago 241
BOOK THIS SPACE FOR AD
ARTICLE AD

17. August 2021

This article has been indexed from Threat Research Blog

Today, Mandiant disclosed a critical risk vulnerability in
coordination with the Cybersecurity and Infrastructure Security Agency
(“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay”
network. This vulnerability, discovered by researchers on Mandiant’s
Red Team in late 2020, would enable adversaries to remotely compromise
victim IoT devices, resulting in the ability to listen to live audio,
watch real time video data, and compromise device credentials for
further attacks based on exposed device functionality. These further
attacks could include actions that would allow an adversary to
remotely control affected devices.

At the time of writing this blog post, ThroughTek advertises having
more than 83 million active devices and over 1.1 billion monthly
connections on their platform. ThroughTek’s clients include IoT camera
manufacturers, smart
baby monitors, and Digital Video Recorder (“DVR”) products.
Unlike the vulnerability published by researchers from Nozomi
Networks in May 2021 (also in coordination with CISA), this latest
vulnerability allows attackers to communicate with devices remotely.
As a result, further attacks could include actions that would allow an
adversary to remotely control affected devices and could potentially
lead to remote code execution.

The Kalay protocol is implemented as a Software Development Kit
(“SDK”) which is built into client software (e.g. a mobile or desktop
application) and networked IoT devices, such as smart cameras. Due to
how the Kalay protocol is integrated by original equipment
manufacturers (“OEMs”) and resellers before devices reach consumers,
Mandiant is unable to determine a complete list of products and
companies affected by the discovered vulnerability.

This vulnerability has been assigned a CVSS3.1 base score of 9.6 and
is tracked as CVE-2021-28372
and Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices

Read Entire Article
  3. Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices

Related

Cops cuff man for allegedly framing colleague with AI-generated hate speech clip

Cops cuff man for allegedly framing colleague with AI-generated hate speech clip

Ring dinged for $5.6M after, among other claims, rogue insider spied on 'pretty girls'

Ring dinged for $5.6M after, among other claims, rogue insider spied on 'pretty girls'

AeroNet Wireless Launches 10Gbps Internet Plan: A Landmark Moment in Puerto Rico’s Telecommunications Industry

AeroNet Wireless Launches 10Gbps Internet Plan: A Landmark Moment in Puerto Rico’s Telecommunications Industry

Two cuffed in Samourai Wallet crypto dirty money sting

Two cuffed in Samourai Wallet crypto dirty money sting

NDR in the Modern Cybersecurity Landscape

NDR in the Modern Cybersecurity Landscape

Russia, Iran pose most aggressive threat to 2024 elections, say infoseccers

Russia, Iran pose most aggressive threat to 2024 elections, say infoseccers

Trending

1. Adrian Newey
2. Rafael Nadal
3. Gukesh Chess
4. World Malaria Day
5. TikTok banned
6. Dead Boy Detectives
7. RCB बनाम SRH
8. RCB vs SRH
9. IBM HashiCorp acquisition
10. Kotak Mahindra Bank

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved