Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

More than 83 million smart devices, including baby monitors, at risk from hackers

More than 83 million smart devices, including baby monitors, at risk from hackers

Hackers could listen to and watch live audio and video feeds from smart cameras and baby monitors, due to a vulnerability being disclosed by Mandiant and the US Cybersecurity and Infrastructure Security Agency.
A critical vulnerability affecting more than 83 million smart devices, including smart cameras and baby monitors, could allow hackers to listen to and watch live audio and video feeds, it has emerged.

The flaw "poses a huge risk" to people's security and privacy said security company Mandiant, which is coordinating its disclosure with the US Cybersecurity and Infrastructure Security Agency (CISA).

While default passwords have prompted UK security services to warn consumers about criminal activity, the flaw discovered by Mandiant also affects devices which do not use default passwords.

According to Mandiant, the problem is in an IoT (Internet of Things) software protocol called Kalay, developed by Taiwanese company ThroughTek, which offers a platform to control smart devices from.

Before the coordinated disclosure was made, ThroughTek warned users to update their software to stop hackers accessing "sensitive information in transmission and on victim devices".

A similar vulnerability was discovered in the Kalay protocol by Nozomi Networks earlier this year, although Mandiant says its discovery is more severe, allowing attackers to remotely control affected devices as well as snoop on them.

Because the Kalay protocol is installed by both original equipment manufacturers (OEMs) and resellers before smart devices reach consumers, Mandiant said it couldn't determine a complete list of products affected.

However, the business - which is part of cyber security company FireEye - noted ThroughTek's website "reports more than 83 million active devices on the Kalay platform at the time of writing".

Back in 2014, the UK's data watchdog warned Britons that private webcam feeds were being streamed on a Russian website, using default logins and passwords to access the devices.

The British government plans to introduce a new law which will force OEMs and resellers of smart devices to meet minimum security requirements in the UK.

The government announced the Product Security and Telecommunications Infrastructure Bill during the Queen's Speech earlier this year, although this is not yet law.

Announcing the law earlier this year, digital infrastructure minister Matt Warman said: "We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.

"The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic."

A spokesperson for the UK's National Cyber Security Centre (NCSC) said: "We are aware of this vulnerability and ThroughTek has released an update to fix the issue.

"Simply using the platform does not automatically make you vulnerable to real-world impact, as additional information that is hard to guess is needed to exploit the vulnerability in an individual device successfully.

"To maximise protection, the NCSC recommends individuals keep their software up to date by installing the latest vendor updates as soon as practicable."
AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
Putin Celebrates ‘Unprecedentedly High’ Ties with China as Gazprom Seals Power of Siberia-2 Deal
China Unveils New Weapons in Grand Military Parade as Xi Hosts Putin and Kim
Rapper Cardi B Cleared of Liability in Los Angeles Civil Assault Trial
Google Avoids Break-Up in U.S. Antitrust Case as Stocks Rise
Couple celebrates 80th wedding anniversary at assisted living facility in Lancaster
Information Warfare in the Age of AI: How Language Models Become Targets and Tools
The White House on LinkedIn Has Changed Their Profile Picture to Donald Trump
"Insulted the Prophet Muhammad": Woman Burned Alive by Angry Mob in Niger State, Nigeria
Trump Responds to Death Rumors – Announces 'Missile City'
Druzhba Pipeline Incident Sparks Geopolitical Tensions
Cost of Opposition Leader Péter Magyar's Economic Plan Revealed
Germany in Turmoil: Ukrainian Teenage Girl Pushed to Death by Illegal Iraqi Migrant
United Krack down on human rights: Graham Linehan Arrested at Heathrow Over Three X Posts, Hospitalised, Released on Bail with Posting Ban
Asian and Middle Eastern Investors Avoid US Markets
Ray Dalio Warns of US Shift to Autocracy
Eurozone Inflation Rises to 2.1% in August
Russia and China Sign New Gas Pipeline Deal
Von der Leyen's Plane Hit by Suspected Russian GPS Interference in an Incident Believed to Be Caused by Russia or by Pro-Peace or by Anti-Corruption European Activists
China's Robotics Industry Fuels Export Surge
Suntory Chairman Resigns After Police Probe
Gold Price Hits New All-Time Record
UK Fintechs Explore Buying US Banks
Greece Suspends 5% of Schools as Birth Rate Drops
Apollo to Launch $5 Billion Sports Investment Vehicle
Bolsonaro Trial Nears Close Amid US-Brazil Tension
European Banks Push for Lower Cross-Border Barriers
Poland's Offshore Wind Sector Attracts Investors
Budapest Central European Fashion Week Kicks Off
U.S. Celebrates Labor Day
Hungarian National Team Captain Scores Epic Goal
EU is getting aggressive: Four AfD Candidates Die Unexpectedly Ahead of North Rhine-Westphalia Local Elections
Japanese Customer Sways from VW to BYD after “Unbelievable” Test Drive amid Dealership Expansion
Nestlé Removes CEO Laurent Freixe Following Undisclosed Relationship with Subordinate
Pickles are the latest craze among Generation Z in the United States.
Giuliani Seriously Injured in Accident – Trump to Award Him the Presidential Medal of Freedom
Deadline Day Delivers Record £125m Isak Move and Donnarumma to City
Nvidia Reveals: Two Mystery Customers Account for About 40% of Revenue
Woody Allen: "I Would Be Happy to Direct Trump Again in a Film"
Lula and Putin Hold Strategic BRICS Discussions Ahead of Trump–Putin Summit
White House Eyes Budapest for Peace Talks
Cave Diving Beneath the Streets of Budapest
Another American Restaurant Chain Opens in Budapest
Hungarian Opposition Politician Supports Ukrainian Commander
Opposition Leader Threatens Media Outlets
American Airlines Adds New Flights to Budapest
F1 Hungarian Grand Prix Wraps Up
WhatsApp is rolling out a feature that looks a lot like Telegram.
U.S. Trade Representative says Washington still negotiating trade deals after court rules tariffs illegal
Von der Leyen says Europe drawing up 'precise' plans to send troops to Ukraine
Kremlin accuses Europe of hindering Trump’s peace efforts in Ukraine
×