Thursday, December 7, 2023

Critical Vulnerability In Millions of IoT Devices Lets Hackers Spy on You Remotely

The security researchers of FireEye Mendiant have recently discovered the critical security vulnerability, CVE-2021-28372. Due to this security flaw, millions of IoT (Internet of Things) devices are vulnerable to breaches that can negotiate the secrecy and protection of their users. 

This flaw can be efficiently exploited by remote threat actors so that they can easily take over IoT devices. Another thing is that the only data that is required for an attack is the target users’ Kalay unique identifier (UID).

CVE-2021-28372: Device Enactment

After investigating the whole attack, the experts stated that initially, they can selectively download and struck the applications from both the Google Play Store as well as Apple App Store that included ThroughTek libraries.

These libraries did not include debugging symbols, that are needed in the team to further it can perform dynamic reports with several tools such as:- 

  • Frida
  • gdb
  • Wireshark

However, the security researchers of the Mandiant have generally concentrated on recognizing logic and flow vulnerabilities in the Kalay protocol. Not only this, but the experts also stated that the vulnerability that is mentioned above generally affects how Kalay-enabled devices access and combine the Kalay network. 

Hacking Device Connections 

This vulnerability has been discovered by the security experts at the end of 2020, and soon after the disclosure, the researchers have started working on this flaw with the U.S. Cybersecurity and Infrastructure Security Agency.

CVE-2021-28372 has a severity score of 9.6 out of 10. After investigating the flaw, they found that a Kalay client, like a mobile app, normally receives the UID from a web API hosted by the vendor of the IoT device. 

And a threat actor with the UID of a target system could easily register on the Kalay network a device that they can control and receive all client connection tries.


The cybersecurity analysts have tried to find all the key details regarding this vulnerability, and have found some remediation as well as suggested some recommendations as well. 

The organizations that are using the Kalay protocol should upgrade to at least version 3.1.10 and along with that they also have to allow the following Kalay features:-

  • DTLS, which protects data in transit.
  • AuthKey, which combines an additional layer of authentication during client connection.

Moreover, the security experts of the Mandiant security team have strongly recommended the manufacturers of IoT devices apply stringent controls around web APIs that are generally used to secure the Kalay UIDs, usernames, and passwords to decrease an attacker’s capability to collect all the credentials that are needed to access devices remotely.

Apart from this, they are trying their best to bypass all the possible threats that can be allowed by this vulnerability, and that’s why the users must follow the above-mentioned recommendations.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...

Hackers Deliver AsyncRAT Through Weaponized WSF Script Files

The AsyncRAT malware, which was previously distributed through files with the .chm extension, is now being...

BlueNoroff: New Malware Attacking MacOS Users

Researchers have uncovered a new Trojan-attacking macOS user that is associated with the BlueNoroff APT...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles