Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11This critical vulnerability turns home devices into attack tools
Vulnerabilities in millions of Internet of Things (IoT) devices, including security cameras, baby monitors and other digital recording devices, could allow attackers to view and listen to live data. as well as collect login information to prepare for further attacks.
Cybersecurity firm Mandiant, the Cybersecurity and Infrastructure Agency (CISA) and ThroughTek said the vulnerability appeared in IoT devices using the ThroughTek Kalay platform.
This vulnerability (codenamed CVE-2021-28372) has a CVSS of 9.6, which is classified as a critical vulnerability. Experts recommend that users upgrade to Kalay version 3.1.10 to protect devices and networks from attackers.
While Mandiant cannot aggregate all affected devices, ThroughTek figures show 83 million devices are connected through the Kalay network and there are more than 1.1 billion monthly connections to the platform.
Previously, Nozomi Networks also found security holes in ThroughTek, but the new vulnerability discovered by Mandiant is different. It allows attackers to remotely execute code on the device, take control of affected IoT devices, listen to live audio, view real-time video feeds, and compromise device credentials. to prepare for the next attack.
This is a privacy violation that seriously affects not only individual customers, especially if cameras and surveillance equipment are installed inside a private home, but also for businesses as it can monitor live. internal and private meetings.
In addition, there is also the possibility of devices being used in botnets and DDoS attacks.
"This vulnerability could potentially allow remote code execution on the attacked device, which could be used in a variety of ways, such as potentially creating a botnet from vulnerable devices or being hacked. attacks on devices that share the same network as the attacked device," said Erik Barzdukas, service manager at Mandiant.
Exploiting the CVE-2021-28372 vulnerability is very complex, requiring the attacker's time and effort. However, this did not prevent breaches from occurring, and the vulnerability is still considered critical by CISA.
Mandiant is working with vendors using the Kalay protocol to help protect devices from vulnerabilities and recommends that all IoT manufacturers and users update patches to protect devices. .
Kareem WintersYou should read it
- Facebook was attacked, more than 50 million user accounts are at risk of being leaked
- Hackers take control of the update tool, attacking tens of thousands of ASUS computers
- More than 85% of Smart TVs can be remotely attacked by television
- Quora's question and answer page was attacked, causing 100 million users to leak personal information
- Cyber-Attack attacked the US military network
- Google warns of a vulnerability that allows Android smartphones to be attacked with just a phone number
- iPhone can be attacked through iMessage vulnerability, how does Apple explain?
- eBay was attacked by hackers, user accounts were revealed
May be interested
- Detected Critical Security Bugs Affecting All Versions of Windows
a critical security vulnerability, affecting all versions of windows, has just been discovered. notably, there are indications that hackers have exploited this security hole to attack users. - Vulnerability in WinRAR puts users at risk of being attackeda security researcher from the zero day initiative (zdi) recently announced a critical security flaw in winrar, leaving users' systems vulnerable to attack.
- How to turn a Raspberry Pi into a home automation panelin this tutorial, you'll learn how to set up domoticz, a powerful home automation control panel, on the raspberry pi to track, configure, and interact with various smart devices scattered throughout the home.
- NVIDIA Jetson chipset contains a series of security holes that allow data theft, DDoS attacksa series of new critical security vulnerabilities have been found in the jetson chip framework (nvidia) that could affect millions of active graphics cards worldwide.
- HomeKit bug turns iPhone into useless bricka security researcher has just discovered a rather serious vulnerability in apple's homekit platform. this vulnerability could cause the user's iphone, or anyone else with access to the modified apple home network, to become unusable.
- Intel faces a new vulnerability called BranchScopenew researchers have discovered a new off-the-shelf attack technique called branchscope that could affect all devices using intel processors.
- Apple releases iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3 updates that patch the critical zero-day vulnerabilityapple just released a series of security updates aimed at addressing a relatively serious zero-day vulnerability on ios.
- What to do to protect the device from ZombieLoad attack?recently a new vulnerability was found on intel processor chip called zombieload that made users worried. if you are looking for ways to protect your device, then you are in the right place.
- It turns out this is how hackers attack your computer through the main screenthe video clearly shows how he entered the user's computer through the main screen, creating a vulnerability on the computer to steal personal information. in this way, the hacker can even change the amount of money in the user's bank account.
- Google has just patched a critical Gmail vulnerability, allowing hackers to send fake emailsgoogle just patched a critical vulnerability affecting gmail and g suite. this vulnerability allows hackers to send fake identity emails to scam users.
Security solution
- Windows 365 accounts and passwords can be stolen easily
- How to limit USB plugged into computer (only accept authorized USB)
- Detecting a new type of malware that steals Windows passwords, installs a virtual currency mining tool and continues to spread trojans
- New Vulnerability in Windows 10 Allows Admin Hijacking
- Detect spyware that infects iMessage even if the user has not read the message
- Fool Windows Hello with a fake camera
Windows 365 accounts and passwords can be stolen easily
How to limit USB plugged into computer (only accept authorized USB)
Detecting a new type of malware that steals Windows passwords, installs a virtual currency mining tool and continues to spread trojans
New Vulnerability in Windows 10 Allows Admin Hijacking
Detect spyware that infects iMessage even if the user has not read the message
Fool Windows Hello with a fake camera