Security News > 2021 > August > Video surveillance network hacked by researchers to hijack footage
Operated by Chinese smart device company ThroughTek, Kalay is pitched as a cloud-based solution for vendors of home automation devices, including security cameras, smart locks, video doorphones, smart power plugs, and even personal cloud storage hardware such as NAS devices.
As you can see, the idea is that instead of creating their own protocol, setting up their own servers and building their own home automation service, home device makers can build the Kalay software into their own firmware, and use the existing Kalay network so their customers can manage and access the devices.
Mandiant researchers found what amounts to a sort of Manipulator-in-the-Middle attack against the Kalay protocol that could give an attacker a way to hack into devices in someone's home, including remotely watching video from the victim's webcams.
If an attacker does know the UID of one of your devices - sniffed off your home network by malware and sold on the underweb, perhaps, or inadvertently disclosed in some other way - then a crook can take over simply by pretending to be your device temporarily, and re-registering itself with the Kalay network.
If you then use those new credentials to authenticate your own software to the targeted device in order to request live video, the Kalay network will reach out on its network to locate the UID you specified.
If you have a device that uses a back-end cloud network you aren't sure about, consult the vendor to see if Kalay is involved.