Bug in millions of home cameras could let hackers spy on YOU

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

A critical bug unearthed in millions of smart home devices around the world could give attackers remote access to cameras and microphones. Researchers are warning that devices which use an Internet of Things, IoT, software platform called Kalay all share the same weakness. The affected devices could include security cameras, smart doorbells… and even baby monitors.

In fact ThroughTek, which designs the Kalay platform, boasts that over 83 million gadgets around the world use its technology – meaning any hacker who exploited the bug could easily gain access to live video and audio feeds in millions of homes… with very creepy implications.

Jake Valleta, one of the researchers who raised the alarm, told Wired: “An attacker could connect to a device at will, retrieve audio and video, and use the remote API to then do things like trigger a firmware update, change the panning angle of a camera, or reboot the device. And the user doesn’t know that anything is wrong.”

Hackers could take advantage of the bug through a complicated process, involving stealing user IDs and passwords, then overwriting the device on Kalay’s central servers. This would essentially hijack the device.

Although it’s still hypothetical at this point – as far as we know, no bad actors have taken advantage – the researchers managed to hack into the Kalay systems themselves and take over a device running the software.

Expert exposes ‘weaknesses in German system’ allowed Putin’s spy network in

Because of the huge number of companies and products which rely on this software, fixing it might not be easy. Even after the bug is removed from the underlying technology, every device must be updated by its manufacturer.

Security experts say a huge proportion of IoT devices will still be vulnerable as they have not updated to the latest version of Kalay. Smaller, less security-conscious brands will be less likely to roll out the patches.

Unfortunately, there is no real way to know whether your home device is affected. ThroughTek has not published a list of brands or products, which could still have the bug.

However, you can reduce the risk by updating all your IoT devices to the latest version, making sure you have secure login passwords and avoiding connecting to public WiFi networks. And if you’re still feeling anxious, there’s always the old-school option of putting a bit of tape over the camera lens.

Source: Read Full Article