Sign In

Communications of the ACM

ACM TechNews

Millions of Web Camera, Baby Monitor Feeds Exposed

View as: Print Mobile App Share:
A collage representing the many different types of Internet of Things devices.

The researchers say they haven't seen evidence of real-world exploitation, and their goal is to raise awareness about the problem without handing real attackers a road map.

Credit: Elena Lacey

Researchers at cybersecurity firm Mandiant have identified a vulnerability in a software development kit (SDK) affecting more than 83 million smart devices.

The flaw in ThroughTek Kalay, an SDK that facilitates the connection between a device and mobile apps, could enable hackers to access live video and audio streams over the Internet, assume full control of devices remotely, launch denial of service attacks, or install malicious firmware.

If a hacker obtains the device's unique identifier (UID) through a social engineering attack or by searching for a manufacturer's Web vulnerabilities, they could reregister the UID and hijack the connection when a user next accesses the device.

The researchers, who said they have seen no evidence of real-world exploitation of the vulnerability, said they hope to raise awareness about the problem without telling potential attackers how to exploit it.

From Wired
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found