Friday, July 19, 2024

Critical Vulnerability In Millions of IoT Devices Lets Hackers Spy on You Remotely

The security researchers of FireEye Mendiant have recently discovered the critical security vulnerability, CVE-2021-28372. Due to this security flaw, millions of IoT (Internet of Things) devices are vulnerable to breaches that can negotiate the secrecy and protection of their users. 

This flaw can be efficiently exploited by remote threat actors so that they can easily take over IoT devices. Another thing is that the only data that is required for an attack is the target users’ Kalay unique identifier (UID).

CVE-2021-28372: Device Enactment

After investigating the whole attack, the experts stated that initially, they can selectively download and struck the applications from both the Google Play Store as well as Apple App Store that included ThroughTek libraries.

These libraries did not include debugging symbols, that are needed in the team to further it can perform dynamic reports with several tools such as:- 

  • Frida
  • gdb
  • Wireshark

However, the security researchers of the Mandiant have generally concentrated on recognizing logic and flow vulnerabilities in the Kalay protocol. Not only this, but the experts also stated that the vulnerability that is mentioned above generally affects how Kalay-enabled devices access and combine the Kalay network. 

Hacking Device Connections 

This vulnerability has been discovered by the security experts at the end of 2020, and soon after the disclosure, the researchers have started working on this flaw with the U.S. Cybersecurity and Infrastructure Security Agency.

CVE-2021-28372 has a severity score of 9.6 out of 10. After investigating the flaw, they found that a Kalay client, like a mobile app, normally receives the UID from a web API hosted by the vendor of the IoT device. 

And a threat actor with the UID of a target system could easily register on the Kalay network a device that they can control and receive all client connection tries.


The cybersecurity analysts have tried to find all the key details regarding this vulnerability, and have found some remediation as well as suggested some recommendations as well. 

The organizations that are using the Kalay protocol should upgrade to at least version 3.1.10 and along with that they also have to allow the following Kalay features:-

  • DTLS, which protects data in transit.
  • AuthKey, which combines an additional layer of authentication during client connection.

Moreover, the security experts of the Mandiant security team have strongly recommended the manufacturers of IoT devices apply stringent controls around web APIs that are generally used to secure the Kalay UIDs, usernames, and passwords to decrease an attacker’s capability to collect all the credentials that are needed to access devices remotely.

Apart from this, they are trying their best to bypass all the possible threats that can be allowed by this vulnerability, and that’s why the users must follow the above-mentioned recommendations.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles