Connect with us

Hi, what are you looking for?

Tech & Science

Baby monitors caught up in the latest cybersecurity incident

The Kalay vulnerability has exposed millions of IoT devices and it was detected by security advisers and reported to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Some baby monitors provide two-way communication which allows the parent to speak back to the baby. Image by Joris (Public Domain)
Some baby monitors provide two-way communication which allows the parent to speak back to the baby. Image by Joris (Public Domain)

Many variants of smart devices have been identified as being at risk from hacking. Among devices of concern this includes  security cameras, DVRs, and baby monitors. The vulnerability means that hackers may be able to access live video and audio streams over the Internet.

The vulnerability is not tied to a specific device manufacturer since the flaw relates to a software development kit used by many vendors and across 83 million smart devices. These devices are making over one billion connections to the Internet per month.

The software is ThroughTek Kalay, which provides a plug-and-play system for connecting smart devices with their corresponding mobile apps. The Kalay platform brokers the connection between a device and its app, handles authentication, and sends commands and data back and forth. 

The affected ThroughTek P2P products may be vulnerable to improper access controls. This vulnerability can allow an attacker to access sensitive information (such as camera feeds) or perform remote code execution. Hence the weakness relating to Kalay functionality enables coordination between a security camera and an app that can remotely control the camera angle.

The Kalay vulnerability has exposed millions of IoT devices and it was detected by security advisers and reported to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Looking at the incident for Digital Journal is security expert Robert Prigge, CEO of Jumio.

According to Prigge, this attack introduces special types of dangers and these will be of concern to parents. He finds: “While this vulnerability is harmful to anyone with a smart device linked to the Kalay platform, it’s particularly concerning that baby monitor feeds are involved.”

With the specific risk, Prigge notes: “Through a simple social engineering tactic like phishing, hackers can extract a device’s identifier and obtain its unique credentials. From there, criminals can take full remote control of the device to watch live video feeds, install malware or download footage and leverage it for malicious purposes.”

To prevent these types of attacks in the future, Prigge feels strongly that a new form of identification is needed. Here he recommends that; “While this vulnerability is a serious lapse in security, usernames and passwords in general can no longer be trusted as a secure form of authentication in today’s fraud environment.”

“Instead, IoT companies must leverage biometric authentication — using a person’s unique human traits to verify identity — to ensure smart devices and their connected online accounts can only be accessed by authorized users.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

Tokyo stocks closed lower Monday with investors disheartened by global selloffs linked to growing fears over an economic slowdown.

Tech & Science

Scientists and engineers behind NASA's DART mission will be watching Monday evening - hoping to witness a spacecraft crash into an asteroid.

Tech & Science

Organizations should adopt security automation to assist with the detection and response of cyber-threats.

Business

Luxury sports carmaker Porsche will this week race onto the Frankfurt stock exchange in what is set to be one of Europe's biggest listings.