Critical bug impacting millions of IoT devices lets hackers spy on you
Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform.
A remote attacker could leverage the bug to gain access to the live audio and video streams, or to take control of the vulnerable device.
"Mandiant observed that the binaries on IoT devices processing Kalay data typically ran as the privileged user root and lacked common binary protections such as Address Space Layout Randomization, Platform Independent Execution, stack canaries, and NX bits" - Mandiant.
To mitigate the risk, owners of affected devices should keep their device software and applications updated to the latest version and define complex, unique login passwords.
They should avoid connecting to IoT devices from an untrusted network.
Because the Kalay platform is used by devices from a large number of manufacturers, it is difficult to create a list with the affected brands.