Researchers at cybersecurity firm Mandiant have identified a vulnerability in a software development kit (SDK) affecting more than 83 million smart devices.
The flaw in ThroughTek Kalay, an SDK that facilitates the connection between a device and mobile apps, could enable hackers to access live video and audio streams over the Internet, assume full control of devices remotely, launch denial of service attacks, or install malicious firmware.
If a hacker obtains the device's unique identifier (UID) through a social engineering attack or by searching for a manufacturer's Web vulnerabilities, they could reregister the UID and hijack the connection when a user next accesses the device.
The researchers, who said they have seen no evidence of real-world exploitation of the vulnerability, said they hope to raise awareness about the problem without telling potential attackers how to exploit it.
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found