• CEPro_logo_blue-new
  • TOPICS
      • News
        • People & Places
        • Product Briefs
      • Projects
      • Events
      • Control
        • Central Vac
        • Energy/Power
        • HVAC/IAQ
        • Interfaces/Devices
        • Lighting
        • Motorized Shades
        • Whole House Systems
      • Audio/Video
        • Audio/Video
        • AV Accessories
        • AV Racks
        • Cabling
        • Displays
        • Furniture
        • Headphones
        • Home Theater
        • Media
        • Mounts/Lifts
        • Multiroom AV
        • Projectors/Screens
        • Speakers/Subwoofers
        • Wireless AV
      • Security
        • Access Control
        • Alarms/Sensors
        • Services/Platforms
        • Surveillance/Cameras
      • Business Support
        • Associations/Buying Groups
        • Cell Phone Boosters
        • Distributors/Reps
        • Operations
        • Recurring Revenue
        • Research
        • Sales/Marketing
        • Software Services
        • Tools/Testers
      • Networking
        • Cellular
        • Devices/Equipment
        • Wireless
        • Wired/Installation
      • Markets
        • Builders
        • Commercial
        • Design
        • Europe
        • Outdoors
        • Resimercial
        • Wellness
      • CE Pro Hub Pages
        • Bose
        • Savant
        • Inside Sound United
  • PRODUCTS
  • RESOURCES
    • Reports/Downloads
    • Buyer’s Guide
    • Webcasts
    • Podcasts
    • Integrator Jobs
    • Digital Edition
    • CE Pro-iQ
  • SUBSCRIBE
    • CEDIA SHOW UPDATES
    • CEPRO PRINT EDITION
    • CEPRO DIGITAL EDITION
    • CEPRO NEWSLETTERS
  • DISCOVER
    • CEDIA Expo
      • September 29 – October 1
        Dallas, TX
      • VISIT SITE
    • KBIS
      • February 8 – 10
        Orlando, FL
      • VISIT SITE
    • Total Tech Summit
      • October 26 – 28
        Orlando, FL
      • VISIT SITE
    • Commercial Integrator
      • VISIT SITE
    • Security Sales
      • VISIT SITE
    • Tech Decisions
      • VISIT SITE
    • Campus Safety
      • VISIT SITE
    • Design Well
      • VISIT SITE
    • KBB Online
      • VISIT SITE
    • AV-iQ
      • VISIT SITE
    • CE Pro-iQ
      • VISIT SITE
  • Search
  • TOPICS
    • News
      • People & Places
      • Product Briefs
    • Projects
    • Events
    • Control
      • Central Vac
      • Energy/Power
      • HVAC/IAQ
      • Interfaces/Devices
      • Lighting
      • Motorized Shades
      • Whole House Systems
    • Audio/Video
      • Audio/Video
      • AV Accessories
      • AV Racks
      • Cabling
      • Displays
      • Furniture
      • Headphones
      • Home Theater
      • Media
      • Mounts/Lifts
      • Multiroom AV
      • Projectors/Screens
      • Speakers/Subwoofers
      • Wireless AV
    • Security
      • Access Control
      • Alarms/Sensors
      • Services/Platforms
      • Surveillance/Cameras
    • Business Support
      • Associations/Buying Groups
      • Cell Phone Boosters
      • Distributors/Reps
      • Operations
      • Recurring Revenue
      • Research
      • Sales/Marketing
      • Software Services
      • Tools/Testers
    • Networking
      • Cellular
      • Devices/Equipment
      • Wireless
      • Wired/Installation
    • Markets
      • Builders
      • Commercial
      • Design
      • Europe
      • Outdoors
      • Resimercial
      • Wellness
    • CE Pro Hub Pages
      • Savant
      • Bose
      • Inside Sound United
  • PRODUCTS
  • RESOURCES
    • Reports/Downloads
    • Buyer’s Guide
    • Webcasts
    • Podcasts
    • Integrator Jobs
    • Digital Edition
    • CE Pro-IQ
  • SUBSCRIBE
    • CEPRO PRINT EDITION
    • CEPRO DIGITAL EDITION
    • CEPRO NEWSLETTERS
    • CEDIA SHOW UPDATES
  • DISCOVER
    • Cedia Expo
      VISIT SITE
    • Commercial Integrator
      VISIT SITE
    • Security Sales
      VISIT SITE
    • Tech Decisions
      VISIT SITE
    • Campus Safety
      VISIT SITE
    • Design Well
      VISIT SITE
    • Total Tech Summit
      VISIT SITE
    • KBB Online
      VISIT SITE
    • AV-iQ
    • CE Pro-iQ
M
POPULAR SEARCHES
News
Projects
Control
Audio Video
Security
Business Support
Markets
SUBSCRIBE CEDIA EXPO
Control | News | Security
August 18, 2021

Newly Found IoT Vulnerability Could Impact up to 83M Devices

The current vulnerability is in the ThroughTek Kalay network, a protocol implemented as an SDK built into software and networked IoT devices.
Zachary Comeau  
(Image: Tierney/stock.adobe.com)
Article:
Control | News | Security
August 18, 2021

Newly Found IoT Vulnerability Could Impact up to 83M Devices

A newly discovered vulnerability that could affect 83 million Internet of Things (IoT) devices could allow an attacker to listen to live audio, watch real-time video data and compromise device credentials for further attacks or remotely control devices, according to a new report from cybersecurity firm FireEye.

The IoT has long been thought to be full of gaping vulnerabilities for attackers to exploit, and it’s now becoming a reality.

According to Mandiant, FireEye’s subsidiary, the IoT vulnerability is in the ThroughTek Kalay network, a protocol implemented as a software development kit built into client software and networked IoT devices, including smart camera manufacturers, smart baby monitors and digital video recorder (DVR) products.

Mandiant cited a previous IoT vulnerability published by Nozomi Networks in 2021, but this new vulnerability allows attackers to communicate with devices remotely, which could lead to remote control of devices and potentially remote code execution.

To pull it off, an attacker would need extensive knowledge of the Kalay protocol and the ability to generate and send messages. An adversary would also need to obtain Kalay UIDs through social engineering or other IoT vulnerabilities in APIs or services that return Kalay UIDS, Mandiant says in the report.

Learn the Art of Landscape Lighting Design

Experts recommend landscape lighting design as an entry point for integrators into the revenue opportunity of home lighting. Check out our new resource for tips and best practices. Download "Learning the Skill and Art of Landscape Lighting Design” today!.

Then, an attacker can remotely compromise affected devices that correspond to those UIDs, the report says.

According to ThroughTek, the Kalay platform was developed as a point-to-point connection technology to help manufacturers make products that offer a variety of modular features that are easily operated, have stable connections and offer enhanced security through firmware integration.

It was upgraded in late 2019 with a new decentralized architecture to create more efficient connections, simplify the integration process and reinforce data security.


Related: Report Finds Service Providers, Integrators In Hackers' Crosshairs

“Kalay 2.0 enables integration of video surveillance equipment, smart consumer products, and a variety of sensors to allow brand name manufacturers, telecoms providers, system integrators, hardware manufacturers, and other service providers to offer smart solutions that are safer, more convenient, and more flexible for users to enjoy,” ThroughTek says on its website.

Mandiant was unable to give a complete list of products and companies impacted, but ThroughTek advertises having more than 83 million active devices and over 1.1 billion monthly connections on the platform.

According to Mandiant, it worked with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to disclose the IoT vulnerability.

Organizations using the Kalay platform should do the following, Mandiant says:

  • If the implemented SDK is below version 3.1.10, upgrade the library to version 3.3.1.0 or version 3.4.2.0 and enable the Authkey and Datagram Transport Layer Security (“DTLS”) features provided by the Kalay platform
  • If the implemented SDK is version 3.1.10 and above, enable Authkey and DTLS
  • Review security controls in place on APIs or other services that return Kalay unique identifiers (“UIDs”).

This article originally appeared on our sister publication Commerical Integrator‘s website.

ARTICLE TOPICS

Control • News • Security

ARTICLE TAGS

Cybersecurity • IoT

SHARE

Share On Facebook
Share On Twitter
Share On Linkedin
Share On Whatsapp
Share Via Email
Copy URL
← Previous Article Next Article →
Article Central VacNewsWellness

Amazon Acquires iRobot Roomba for $1.7B in Cash

Amazon adds iRobot's Roomba vacuum cleaner to its growing portfolio of smart home solutions including Ring, Fire TV and Echo smart speakers.
Article Amplifiers/ReceiversAudio/VideoAV AccessoriesAV RacksControlDesignFurnitureHome TheaterInterfaces/DevicesLightingMarketsMediaMotorized ShadesMultiroom AVNetworkingNewsProjectors/ScreensSpeakers/Subwoofers

SDI’s Audiophile-Centric Approach Reflects an Evolving Market 

SDI is helping Boston-area homeowners meet their home technology objectives without cluttering their homes with unsightly electronics.
Article Central VacNewsWellness

Amazon Acquires iRobot Roomba for $1.7B in Cash

Amazon adds iRobot's Roomba vacuum cleaner to its growing portfolio of smart home solutions including Ring, Fire TV and Echo smart speakers.
Article Devices/EquipmentNetworkingSecurityServices/PlatformsSponsored Content

Preventing Cyberattacks Before They Occur

guardDog’s ASM solution preemptively recognizes, exposes and shuts down cybersecurity threats before an attack can happen, and can help prevent it.

SHOW NEWSLETTER

Sign Up

CE Pro

Subscribe Sign Up

Content Types

News
Products
Projects
Companies
Downloads
Webcasts
Podcasts
Events

Specials

IntegratorJobs
CEDIA EXPO
CE Pro 100
CE Pro Summit
Awards Programs

Company Info

About
Contact Us
Customer Service
Media Solutions & Advertising

Subscribe

Magazine
Newsletters
Digital Edition

Connect

Twitter
Facebook
LinkedIn
YouTube
RSS Feed

Categories

AUDIO/VIDEO
AV Accessories
AV Racks
Amplifiers/Receivers
Cabling
Displays
Furniture
Mounts/Lifts
Multiroom AV
Projector Screens
Speakers/Subwoofers
Wireless AV
CONTROL
Central Vac
Energy/Power
Interfaces/Devices
HVAC/IAQ
Lighting
Motorized Shades
Whole-House Systems
NETWORKING
Cellular
Devices/Equipment
Wireless
Wiring/Installation
SECURITY
Access Control
Alarms/Sensors
Services/Platforms
Surveillance Cameras
BUSINESS SUPPORT
Associations/Buying Groups
Distributors/Reps
Operations
Recurring Revenue
Research
Sales/Marketing
Software/Services
Tools/Testers
MARKETS
Builders
Commercial
Design
Europe
Outdoors
Wellness
FOLLOW US ON
  • Follow
  • Follow
  • Follow
  • Follow
  • Follow

© 2021 Emerald X, LLC. All Rights Reserved.

  • ABOUT
  • CAREERS
  • TERMS OF USE
  • PRIVACY POLICY