Mandiant has revealed serious weaknesses affecting millions of security, surveillance, and other devices

Aug 18, 2021 15:20 GMT

FireEye's Mandiant researchers have found a significant vulnerability in a core component of the Kalay cloud platform that leaves millions of IoT devices vulnerable to remote attacks, according to Security Week.

ThroughTek, known for its IoT and M2M solutions for security, surveillance, consumer electronics systems, smart home, and cloud storage, identified the vulnerability in a foundational component of the Kalay IoT cloud platform. Researchers from Mandiant revealed in late 2020 that the framework was affected by a significant remote hacking vulnerability.

The vulnerability has been recorded as CVE-2021-28372 and has a CVSS score of 9.6. Because many of the vulnerable devices are video surveillance equipment, such as digital video recorders, IP cameras, and baby monitors, an attacker can capture live data and use it to their advantage. For the attack to take place, the attacker needs to obtain the Kalay unique user identifier (UID), which can be done via social engineering, for example.

Social engineering helps cybercriminals achieve their objectives

Once the threat actor has the UID, the attack continues with a custom request to the Kalay network that connects another device within the same network using the same UID. This causes the Kalay server to overwrite the current device. The attacker then only has to wait for the victim to connect: the victim's connection is forwarded, which lets the attacker collect the credentials the victim uses to access the device.

ThroughTek has issued SDK updates to mitigate the vulnerability. The company also urged its customers to reduce their chances of being attacked by enabling AuthKey, which adds an additional layer of authentication, and DTLS, which ensures data is protected in transit.
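The registration weakness and the value of an extra authentication layer can be seen in a small model. This is an added example, not ThroughTek's code and not the actual Kalay protocol or AuthKey implementation: the class names, the HMAC challenge-response scheme, the UID and the addresses are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

class UidOnlyRegistry:
    """Weak model: presenting a UID is enough to become that device."""
    def __init__(self):
        self.routes = {}  # uid -> endpoint that clients get connected to
    def register(self, uid, endpoint):
        self.routes[uid] = endpoint  # last registration silently wins
        return True

class KeyedRegistry:
    """Hardened model: registration must prove a per-device secret."""
    def __init__(self, provisioned):
        self.keys = dict(provisioned)  # uid -> secret set at provisioning
        self.routes = {}
        self.pending = set()           # nonces issued and not yet used
        self.rejected = []             # failed attempts, kept for alerting
    def challenge(self):
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce
    def register(self, uid, endpoint, nonce, proof):
        key = self.keys.get(uid)
        fresh = nonce in self.pending
        self.pending.discard(nonce)    # one use per nonce, blocks replay
        valid = key is not None and fresh and hmac.compare_digest(prove(key, uid, nonce), proof)
        if not valid:
            self.rejected.append((uid, endpoint))
            return False
        self.routes[uid] = endpoint
        return True

def prove(key, uid, nonce):
    """Device-side proof: HMAC over the server nonce and the UID."""
    return hmac.new(key, nonce + uid.encode(), hashlib.sha256).digest()

def demo():
    uid, key = "CONSTRUCTED-UID-0001", os.urandom(32)  # constructed sample values
    weak = UidOnlyRegistry()
    weak.register(uid, "192.0.2.10")       # genuine device
    weak.register(uid, "203.0.113.66")     # second party that only knows the UID
    strong = KeyedRegistry({uid: key})
    n1 = strong.challenge()
    ok = strong.register(uid, "192.0.2.10", n1, prove(key, uid, n1))
    n2 = strong.challenge()
    bad = strong.register(uid, "203.0.113.66", n2, prove(b"guess", uid, n2))
    replay = strong.register(uid, "203.0.113.66", n1, prove(key, uid, n1))
    return weak.routes[uid], strong.routes[uid], ok, bad, replay, len(strong.rejected)
```

In the weak registry the route for the UID ends up pointing at the second registrant, while the keyed registry keeps the genuine endpoint and records both failed attempts for alerting.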

The vulnerability is a major threat to end-user privacy and security and should be handled properly. If cameras or other vulnerable IoT devices are left unsecured, they can be hacked just as easily as with a UID.