Friday, July 23, 2021

Critical ThroughTek vulnerability attackers access Millions of Connected Cameras

Must Read

Parking app ParkMobile experiences data breach of 21M Users

The popular mobile app that drivers use to pay and find available public parking in Pittsburgh and in other...

Iranian hackers ‘phished’ researcher by posing as Israeli ex-intel Leader- report

Member of think tank receives an email from the personal email address linked to Amos Yadlin, is subsequently sent...

The third malware Strain detected in SolarWinds supply chain attack

Security investigators have found another type of malware used by Russian attackers to loosen SolarWinds. CrowdStrike, one of two security...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on Friday, Issued an advisory about a critical vulnerability in the ThroughTek software that is being used in the devices, including baby monitoring cameras, which may give hackers access to audio and video streams, and Its feeds.

In addition to possible leakage of data, and video, and the company acknowledges that the vulnerability could allow an attacker to could also allow attackers to spoof devices and hijack device certificates. CISA gave the vulnerability a score of 9.1 out of 10 on the CVSS vulnerability severity scale. 

The ThroughTek, point-to-point-to-point (P2P) SDK, is widely used in IoT devices, video surveillance, and audio /video capabilities, including IP-based cameras, a child and a pet, surveillance cameras, smart devices, and sensors to remotely access media content on the Internet. 

ThroughTek’s point-to-point (P2P) SDK is widely used by IoT devices with video surveillance or audio/video transmission capability such as IP cameras, baby and pet monitoring cameras, smart home appliances, and sensors to provide remote access to the media content over the internet.

Security Company, Nozomi Networks, found that vulnerability in the P2P file sharing SDK ThroughTek, and then sent them a Notice about the vulnerability ThroughTek. The notice prompted CISA to release its statement saying the vulnerability was remotely exploitable and was not complex to attack. The P2P functionality allows users to look at audio and video streams through the internet. 

In a statement, Taiwan-headquartered ThroughTek said: “This vulnerability has been addressed in SDK version 3.3 and onwards, which was released at mid-2020. We strongly suggest that you review the SDK version applied to your product and follow the instructions below to avoid any potential problems.

“On this note, we would like to encourage you to keep a close watch on our future SDK releases in response to new security threats.”

Since the vulnerability affects a software Component that is a part of the supply chain for OEMs of consumer-grade surveillance cameras, and IoT devices and the consequences of such action is effective and can be dangerous to the safety of the device, allowing an attacker to view sensitive audio and/or video Stream.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This