Millions of IoT devices exposed by cloud platform vulnerability

A vulnerability in a cloud platform widely used by Internet of Things (IoT) devices makes it possible to take over systems remotely or to view live footage from security cameras, for example. According to manufacturer ThroughTek, more than 83 million devices use the Kalay network.

Kalay is a platform that IoT manufacturers can use to establish a connection between a device and its app. The platform handles authentication and relays data between the app and the IoT device, so that users can, for example, remotely view their camera's feed. It is therefore used by all kinds of IoT manufacturers.

Researchers from security company Mandiant discovered a vulnerability with the registration of IoT devices on the network. As soon as a device is connected, it registers itself on the Kalay network via a UID. An attacker who gains access to this UID could register a device with the same UID, overwriting the existing device's registration.

Now, as soon as the user wants to connect to his IoT device via his app, he actually connects to the attacker's device, which can intercept the login data. The user would hardly notice this. With the already captured UID and credentials, the attacker can then gain access to the user's device. For example, it is possible to view camera feeds, perform a denial of service or attack other devices in the user's network.
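To make the registration weakness described above concrete, here is an added example (not ThroughTek or Kalay code; the registry, the endpoint strings and the UID are constructed): a naive register-by-UID table, in which the most recent registration for a UID silently replaces the earlier one, beside a registry that binds each registration to a per-device secret and rejects replays. The per-device secret is a generic proof-of-possession mitigation assumed here for illustration, not the vendor's published recommendation.

```python
"""Toy model of a register-by-UID weakness and one generic hardening.

Added example, not ThroughTek/Kalay code. The registry, endpoints and UID
below are constructed. The hardened variant assumes each device holds a
per-device secret provisioned at manufacture; that is an assumed, generic
proof-of-possession mitigation, not the vendor's actual fix.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Registration:
    uid: str
    endpoint: str  # where the platform will route the app's connection


class NaiveRegistry:
    """Registration keyed by UID alone: whoever presents the UID last wins."""

    def __init__(self):
        self._table = {}

    def register(self, uid, endpoint):
        # No proof that the caller is the genuine device: an existing
        # registration for the same UID is simply overwritten.
        self._table[uid] = Registration(uid, endpoint)
        return True

    def resolve(self, uid):
        return self._table[uid].endpoint


class BoundRegistry:
    """Registration must carry an HMAC over (uid, endpoint, nonce) made with the device key."""

    def __init__(self):
        self._table = {}
        self._keys = {}          # uid -> per-device secret (assumed provisioning step)
        self._seen_nonces = set()  # replay protection

    def provision(self, uid):
        key = secrets.token_bytes(32)
        self._keys[uid] = key
        return key

    @staticmethod
    def sign(key, uid, endpoint, nonce):
        msg = f"{uid}|{endpoint}|{nonce}".encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def register(self, uid, endpoint, nonce, tag):
        key = self._keys.get(uid)
        if key is None or nonce in self._seen_nonces:
            return False
        expected = self.sign(key, uid, endpoint, nonce)
        if not hmac.compare_digest(expected, tag):
            return False  # knows the UID, but not the device secret
        self._seen_nonces.add(nonce)
        self._table[uid] = Registration(uid, endpoint)
        return True

    def resolve(self, uid):
        return self._table[uid].endpoint


def demo():
    """Returns (naive route, bound route, impostor accepted?, replay accepted?)."""
    uid = "CONSTRUCTED-UID-0001"

    naive = NaiveRegistry()
    naive.register(uid, "camera.home.example")
    naive.register(uid, "impostor.example")  # same UID: overwrites the genuine entry
    naive_route = naive.resolve(uid)

    bound = BoundRegistry()
    key = bound.provision(uid)
    tag = BoundRegistry.sign(key, uid, "camera.home.example", "nonce-1")
    bound.register(uid, "camera.home.example", "nonce-1", tag)
    impostor_ok = bound.register(uid, "impostor.example", "nonce-2", "00" * 32)
    replay_ok = bound.register(uid, "camera.home.example", "nonce-1", tag)
    return naive_route, bound.resolve(uid), impostor_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```

In the naive table the app is routed to whichever endpoint registered last, which is the overwrite the article describes; in the bound table the same UID without the device secret is rejected, and re-submitting a captured genuine registration is rejected as a replay.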

The impact of the vulnerability was rated 9.6 on a scale of 1 to 10. According to the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security, carrying out the attack is not complex. However, Mandiant says that brute-forcing the 20-byte UID is not feasible. ThroughTek has since issued several recommendations for IoT manufacturers. End users are advised not to connect to their IoT devices from untrusted networks.
