Saturday, October 12, 2024
HomeCVE/vulnerabilityMillions Of IoT Devices Vulnerable To Attacks Leads To Full Takeover

Millions Of IoT Devices Vulnerable To Attacks Leads To Full Takeover

Published on

Malware protection

Researchers discovered four significant vulnerabilities in the ThroughTek Kalay Platform, which powers 100 million IoT-enabled devices.

Notably, ThroughTek Kalay’s influence emphasizes the importance of protecting homes, companies, and integrators alike with its widespread presence in security cameras and other devices.

The affected cameras are the Roku Indoor Camera SE, Wyze Cam v3, and Owlet Cam v1 and v2.

- Advertisement - SIEM as a Service

When combined, the identified vulnerabilities tracked as CVE-2023-6321, CVE-2023-6322, CVE-2023-6323, and CVE-2023-6324 allow for both remote code execution to fully compromise the victim device and unauthorized root access from within the local network.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

“When chained together, these vulnerabilities facilitate unauthorized root access from within the local network, as well as remote code execution to completely subvert the victim device”, BitDefender researchers shared with Cyber Security News.

Overview Of The Significant Vulnerabilities

CVE-2023-6321 Owlet Camera OS Command Injection

This vulnerability enables the complete compromise of the device by enabling an authorized user to execute system commands as the root user.

“An attacker can make authenticated requests to trigger this vulnerability,” reads the advisory.

CVE-2023-6322 Stack-Based Buffer Overflow

Through a stack-based buffer overflow vulnerability in the handler of an IOCTL message—a feature commonly used to configure motion detection zones in cameras—attackers can obtain root access. 

This is a vulnerability unique to certain gadgets with motion detection capabilities.

CVE-2023-6323 ThroughTek Kalay SDK Insufficient Verification

This vulnerability presents a way for a local attacker to gain the AuthKey secret without authorization, hence facilitating an attacker’s initial connection to the victim’s device.

CVE-2023-6324 ThroughTek Kalay SDK Error In Handling The PSK Identity

This takes advantage of a flaw that lets attackers infer the pre-shared key for a DTLS session, which is a necessary requirement to establish a connection and communicate with the target devices.

Affected Vendors

The Roku Indoor Camera SE, Wyze Cam v3, and Owlet Cam v1 and v2 have been identified as the affected cameras.

Recommendation

Bitdefender reported these vulnerabilities to ThroghTek on October 19, 2023, and the vendor has subsequently patched them.

It is advised that users of the affected devices ensure they have updated every update that is available. 

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...