ThroughTek Flaw Exposed Millions of IoT Cameras to Spying

The vulnerability exists in the company’s P2P SDK, a function that allows a client on a desktop or mobile app to access the camera’s audio or video streams via the internet.


Nozomi Networks has shared details of a critical IoT supply chain vulnerability that might be exposing millions of internet-connected cameras to espionage. Reportedly, the flaw affects IoT cameras worldwide and lets attackers hijack video streams.


Flaw Identified in ThroughTek’s P2P SDK


The flaw was discovered in ThroughTek’s software component used by OEMs to manufacture IP cameras, baby/pet monitoring cameras, battery devices, and robotic devices. The vulnerability is present in the company’s P2P SDK, which is a function that allows a client on a desktop or mobile app to access the camera’s audio or video streams via the internet.




It is reported that the protocol used to transmit these data streams doesn’t possess a secure key exchange. Instead, it relies on an obfuscation scheme based on a fixed key. Hence, attackers can access it and reconstruct the audio/video stream to spy on users remotely. Moreover, it can allow attackers to carry out device spoofing, eavesdrop on camera audio/video, and hijack device certificates.
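The difference between a fixed obfuscation key and a per-session key can be checked in a lab against traffic from a device you own. The following is an added example, not code from the article, Nozomi Networks, or ThroughTek: the key constant, the toy SHA-256 stream cipher, the test frames, and all function names are constructed for illustration, and the random session key stands in for the output of a real key exchange.

```python
import hashlib
import secrets

# Constructed constant standing in for a key compiled into every copy of an SDK.
# It is NOT ThroughTek's key or algorithm.
FIXED_SDK_KEY = b"constructed-demo-constant"

def keystream(key: bytes, length: int) -> bytes:
    """Expand a key into `length` bytes with SHA-256 in counter mode (toy cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def obfuscate_fixed(frame: bytes) -> bytes:
    """Weak design: every session on every device uses the same key."""
    return xor(frame, keystream(FIXED_SDK_KEY, len(frame)))

def encrypt_per_session(frame: bytes, session_key: bytes) -> bytes:
    """Per-session design: a fresh key each session (toy, unauthenticated)."""
    return xor(frame, keystream(session_key, len(frame)))

def keystream_reused(captures) -> bool:
    """Lab check. `captures` is a list of (known_plaintext, observed_bytes)
    pairs from separate sessions. True means they share one keystream prefix,
    which is the signature of a fixed key."""
    if len(captures) < 2:
        return False
    streams = [xor(p, c) for p, c in captures]
    n = min(len(s) for s in streams)
    return n > 0 and all(s[:n] == streams[0][:n] for s in streams)

# Constructed test frames a tester would push through their own device.
FRAMES = [b"TEST-FRAME-0001 audio", b"TEST-FRAME-0002 video!!"]

def run_check():
    weak = [(f, obfuscate_fixed(f)) for f in FRAMES]
    strong = [(f, encrypt_per_session(f, secrets.token_bytes(32))) for f in FRAMES]
    return keystream_reused(weak), keystream_reused(strong)

if __name__ == "__main__":
    print(run_check())
```

A production protocol would pair the per-session key with an authenticated cipher (AEAD) and an authenticated key exchange; the toy XOR stream here only isolates the key-reuse property.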

CISA Releases Security Alert


On June 15th 2021, CISA released a separate 