A flaw in the ThroughTek “Kalay” network affects millions of IoT devices including smart baby monitors, DVRs, smart cameras, and other products.
this latest vulnerability allows attackers to communicate with devices remotely. As a result, further attacks could include actions that would allow an adversary to remotely control affected devices and could potentially lead to remote code execution.
Due to how the Kalay protocol is integrated by original equipment manufacturers (“OEMs”) and resellers before devices reach consumers, Mandiant is unable to determine a complete list of products and companies affected by the discovered vulnerability.
Check It Out: Smart Home Cameras, Baby Monitors Affected by Software Bug
Andrew:
These are the breaches that give yours truly pause in adopting more smart devices, apart from my Apple kit, in my home.
Until we have common standards whereby these devices can effectively and reliably communicate with each other and be controlled by any hub of our choosing, and meet or exceed a common standard of independently testable security, most of these optional devices retain an unacceptable, and unsuspected, level of risk for the average consumer.