SDK bug enables spying on IoT devices
Posted by: GuidePoint Security
Published 8/26/21 9:00AM
A vulnerability (CVE-2021-28372) has been discovered in versions of the ThroughTek Kalay P2P software development kit (SDK), creating the potential for remote code execution and device takeover. Security researchers warn that, if exploited, the vulnerability could allow an attacker to listen to live audio, watch real-time video/monitor data, and compromise device credentials for future attacks.
The IoT devices at risk include IP cameras, light cameras, and other internet-enabled video surveillance devices. The Common Vulnerability Scoring System (CVSS) score on this vulnerability is rated as “critical.”
Next Steps
To mitigate this bug, users are advised to apply the available upgrade to version 3.1.10 and to enable DTLS and AuthKey to secure data in transit. Users are also advised to add further layers of authentication for anyone connecting to the system.