Bug found in ThroughTek IoT devices is highly critical, warns the researchers of Mandiant, and it is expected to be addressed soon.
Mandiant, a popular name in the cybersecurity segment, has recently made an announcement that it has detected a new vulnerability has been detected in ThroughTek's Kalay network, which is expected to allow cyberperps to watch the real-time video and listen to live audion on hundreds of thousands of IoT devices. Even though the disclosure was made public recently, the bug was present in IoT devices since late 2020. Threat researchers Dillon Franke, Jake Valletta, and Erik Barzdukas have contributed heavily to the research blog that highlighted the bug. Successful exploitation of the bug will give the users access to live audio and video feed, and furthermore, it was revealed that perps could also gain access to credentials which prompts that an attack will be taking place in the future.
As of now, there is no known public exploit of the bug. ThroughTek had released a statement earlier this month that the company knew about the bug, even though they did not give any details regarding the same. The statement from the company makes it clear that the outdated release from the company was sufficiently covered to completely protect the data transferred. The company has now channeled its efforts towards creating a solution for this issue and providing relevant guidance soon to its customers.