Friday, March 29, 2024

Critical Vulnerability In Millions of IoT Devices Lets Hackers Spy on You Remotely

The security researchers of FireEye Mendiant have recently discovered the critical security vulnerability, CVE-2021-28372. Due to this security flaw, millions of IoT (Internet of Things) devices are vulnerable to breaches that can negotiate the secrecy and protection of their users. 

This flaw can be efficiently exploited by remote threat actors so that they can easily take over IoT devices. Another thing is that the only data that is required for an attack is the target users’ Kalay unique identifier (UID).

CVE-2021-28372: Device Enactment

After investigating the whole attack, the experts stated that initially, they can selectively download and struck the applications from both the Google Play Store as well as Apple App Store that included ThroughTek libraries.

These libraries did not include debugging symbols, that are needed in the team to further it can perform dynamic reports with several tools such as:- 

  • Frida
  • gdb
  • Wireshark

However, the security researchers of the Mandiant have generally concentrated on recognizing logic and flow vulnerabilities in the Kalay protocol. Not only this, but the experts also stated that the vulnerability that is mentioned above generally affects how Kalay-enabled devices access and combine the Kalay network. 

Hacking Device Connections 

This vulnerability has been discovered by the security experts at the end of 2020, and soon after the disclosure, the researchers have started working on this flaw with the U.S. Cybersecurity and Infrastructure Security Agency.

CVE-2021-28372 has a severity score of 9.6 out of 10. After investigating the flaw, they found that a Kalay client, like a mobile app, normally receives the UID from a web API hosted by the vendor of the IoT device. 

And a threat actor with the UID of a target system could easily register on the Kalay network a device that they can control and receive all client connection tries.

Recommendations

The cybersecurity analysts have tried to find all the key details regarding this vulnerability, and have found some remediation as well as suggested some recommendations as well. 

The organizations that are using the Kalay protocol should upgrade to at least version 3.1.10 and along with that they also have to allow the following Kalay features:-

  • DTLS, which protects data in transit.
  • AuthKey, which combines an additional layer of authentication during client connection.

Moreover, the security experts of the Mandiant security team have strongly recommended the manufacturers of IoT devices apply stringent controls around web APIs that are generally used to secure the Kalay UIDs, usernames, and passwords to decrease an attacker’s capability to collect all the credentials that are needed to access devices remotely.

Apart from this, they are trying their best to bypass all the possible threats that can be allowed by this vulnerability, and that’s why the users must follow the above-mentioned recommendations.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles