Many people are used to trading privacy for convenience these days. After all, this is how those with nefarious agendas get people to adopt technology that continually spies on them. IoT technology is no different. A recently discovered security vulnerability from a major manufacturer of IoT devices has exposed just how dangerous this technology can be. The following article from TweakLibrary details how this sort of surveillance technology can wreak havoc upon our lives. – Truth Unmuted Editor Jesse Smith
This Security Vulnerability Could Change An IoT Device Into A Nasty Spy
IoT has had a remarkable impact on our lives. We now have devices connected over a network that are capable of making our lives much easier and comfortable. From smartphones to smartwatches to internet-powered doorbells, door alarms, security cameras, speakers, door locks, lights, bulbs, and baby monitors, the list is just endless. However, with this boon, a bane looms around and that is, miscreants can hack into these devices and if not acted upon promptly, they can wreak havoc on our lives. But, when can hackers feed on IoT devices? The answer is when they sniff a security vulnerability or when we as users don’t practice healthy security habits.
We’ll get into the security habits on a user’s part later in the blog but, let’s first discuss how a security vulnerability can lead a hacker into your IoT device and then into your personal or professional life. Quite recently, a security vulnerability has hit IoT devices. This security flaw can give access to your IoT audio and video feeds and turn into a spying tool.
What is This Security Vulnerability All About? How Severe Is The Security Flaw
As per the researchers at Nozomi Networks Lab and DHS, the security flaw can let malicious attackers tamper with an IoT device. They can easily convert a given IoT device such as a home security camera, a baby monitor, or a smart doorbell into a spying tool. Owing to this vulnerability, they can steal crucial data or spy on video feeds as well. Apart from intruding into one’s personal lives through the aforementioned channels, an attacker can even steal crucial business data such as data related to customers, employees, or even production techniques. The security flaw is indeed very severe. So much so that the Common Vulnerability Scoring System (CVSS) rates it at 9.1/10 on a severity scale.
How Did This Security Flaw Surface?
The flaw is a supply chain bug that was discovered in a software component (P2P SDK) manufactured by a company called ThroughTek who is one of the prominent suppliers of IoT devices. The P2P’s SDK gives remote access to audio/ video streams over the internet. The SDK is found in smart sensors, security cameras such as baby and pet monitoring cameras, doorbells, etc. and it help a viewer gain access to audio/ video streams. The flaw affects P2P’s version 3.1.5 or before. As Nozomi has demonstrated, the older versions of the SDK allow data packets to be intercepted while in transit. A hacker can refurbish these packets into complete audio or video streams.
ThroughTek has countered this bug in version 3.3 that was released in mid-2020. Though the issue is that quite many devices still run the older build. Secondly, as per ThroughTek, to conduct an attack, a prospective attacker will need to have extensive knowledge of network sniffer tools, network security, and encryption algorithm.