Friday, October 15, 2021

Critical ThroughTek vulnerability attackers access Millions of Connected Cameras

Must Read

Google Chrome blocks eight ports against new NAT Slipstreaming attack

Following the discovery of the NAT Slipstreaming 2.0 attack this week, Google says it will block Chrome traffic on...

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to...

Flash version was distributed in China after EOL installing adware

Although the Flash Player app has officially reached its final date on December 31, 2020, Adobe has allowed a...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on Friday, Issued an advisory about a critical vulnerability in the ThroughTek software that is being used in the devices, including baby monitoring cameras, which may give hackers access to audio and video streams, and Its feeds.

In addition to possible leakage of data, and video, and the company acknowledges that the vulnerability could allow an attacker to could also allow attackers to spoof devices and hijack device certificates. CISA gave the vulnerability a score of 9.1 out of 10 on the CVSS vulnerability severity scale. 

The ThroughTek, point-to-point-to-point (P2P) SDK, is widely used in IoT devices, video surveillance, and audio /video capabilities, including IP-based cameras, a child and a pet, surveillance cameras, smart devices, and sensors to remotely access media content on the Internet. 

ThroughTek’s point-to-point (P2P) SDK is widely used by IoT devices with video surveillance or audio/video transmission capability such as IP cameras, baby and pet monitoring cameras, smart home appliances, and sensors to provide remote access to the media content over the internet.

Security Company, Nozomi Networks, found that vulnerability in the P2P file sharing SDK ThroughTek, and then sent them a Notice about the vulnerability ThroughTek. The notice prompted CISA to release its statement saying the vulnerability was remotely exploitable and was not complex to attack. The P2P functionality allows users to look at audio and video streams through the internet. 

In a statement, Taiwan-headquartered ThroughTek said: “This vulnerability has been addressed in SDK version 3.3 and onwards, which was released at mid-2020. We strongly suggest that you review the SDK version applied to your product and follow the instructions below to avoid any potential problems.

“On this note, we would like to encourage you to keep a close watch on our future SDK releases in response to new security threats.”

Since the vulnerability affects a software Component that is a part of the supply chain for OEMs of consumer-grade surveillance cameras, and IoT devices and the consequences of such action is effective and can be dangerous to the safety of the device, allowing an attacker to view sensitive audio and/or video Stream.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This