Millions of smart home devices at risk, including baby monitors (Image: GETTY)
A critical bug unearthed in millions of smart home devices around the world could allow attackers to access cameras and microphones remotely. Researchers warn that devices using an Internet of Things, IoT, software platform called Kalay all share the same weakness. The affected devices could be security cameras, smart doorbells and even baby monitors.
In fact, ThroughTek, which designs the Kalay platform, claims that more than 83 million gadgets around the world use its technology – meaning any hacker who exploits the bug can easily access live video and audio feeds in millions of homes. …with very creepy implications.
Jake Valleta, one of the researchers who raised the alarm, told Wired: “An attacker can connect to a device at will, get audio and video, and use the remote API to do things like trigger a firmware update, -change the angle of a camera or reboot the device, and the user doesn’t know anything is wrong.”
Hackers were able to take advantage of the bug through a complicated process that involved stealing user IDs and passwords, then overwriting the device on Kalay’s central servers. This would essentially hijack the device.
While it’s still hypothetical at this point — as far as we know, no bad actors have taken advantage — the researchers managed to hack into Kalay’s systems themselves and take over a device that runs the software.
Due to the sheer number of companies and products that depend on this software, it may not be easy to fix. Even after the bug is removed from the underlying technology, each device must be updated by the manufacturer.
Security experts say a large proportion of IoT devices will still be vulnerable because they have not been updated to the latest version of Kalay. Smaller, less security-conscious brands are less likely to roll out the patches.
Unfortunately, there is no real way to know if your home device is affected. ThroughTek has not published a list of brands or products that could still have the bug.
However, you can reduce the risk by updating all of your IoT devices to the latest version, making sure you have secure login passwords, and avoiding connecting to public Wi-Fi networks. And if you’re still feeling anxious, there’s always the old-fashioned option of sticking a piece of tape over the camera lens.
Check all Technology News here: Gaming Ideology
