The security researchers of FireEye Mendiant have recently discovered the critical security vulnerability, CVE-2021-28372. Due to this security flaw, millions of IoT (Internet of Things) devices are vulnerable to breaches that can negotiate the secrecy and protection of their users.
This flaw can be efficiently exploited by remote threat actors so that they can easily take over IoT devices. Another thing is that the only data that is required for an attack is the target users’ Kalay unique identifier (UID).
CVE-2021-28372: Device Enactment
After investigating the whole attack, the experts stated that initially, they can selectively download and struck the applications from both the Google Play Store as well as Apple App Store that included ThroughTek libraries.
These libraries did not include debugging symbols, that are needed in the team to further it can perform dynamic reports with several tools such as:-
- Frida
- gdb
- Wireshark
However, the security researchers of the Mandiant have generally concentrated on recognizing logic and flow vulnerabilities in the Kalay protocol. Not only this, but the experts also stated that the vulnerability that is mentioned above generally affects how Kalay-enabled devices access and combine the Kalay network.
Hacking Device Connections
This vulnerability has been discovered by the security experts at the end of 2020, and soon after the disclosure, the researchers have started working on this flaw with the U.S. Cybersecurity and Infrastructure Security Agency.
CVE-2021-28372 has a severity score of 9.6 out of 10. After investigating the flaw, they found that a Kalay client, like a mobile app, normally receives the UID from a web API hosted by the vendor of the IoT device.
And a threat actor with the UID of a target system could easily register on the Kalay network a device that they can control and receive all client connection tries.
Recommendations
The cybersecurity analysts have tried to find all the key details regarding this vulnerability, and have found some remediation as well as suggested some recommendations as well.
The organizations that are using the Kalay protocol should upgrade to at least version 3.1.10 and along with that they also have to allow the following Kalay features:-
- DTLS, which protects data in transit.
- AuthKey, which combines an additional layer of authentication during client connection.
Moreover, the security experts of the Mandiant security team have strongly recommended the manufacturers of IoT devices apply stringent controls around web APIs that are generally used to secure the Kalay UIDs, usernames, and passwords to decrease an attacker’s capability to collect all the credentials that are needed to access devices remotely.
Apart from this, they are trying their best to bypass all the possible threats that can be allowed by this vulnerability, and that’s why the users must follow the above-mentioned recommendations.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
