Security News

vulnerability in the SDK that allows IoT devices to use ThroughTek's Kalay P2P cloud platform could be exploited to remotely compromise and control them, Mandiant researchers have discovered.The Kalay platform allows IoT devices to register through it and get connected to a mobile or desktop application.

Researchers at FireEye's threat intelligence and incident response unit Mandiant have identified a critical vulnerability that exposes millions of IoT devices to remote attacks. The flaw was found in a core component of the Kalay cloud platform for IoT devices offered by ThroughTek, a Taiwan-based company that provides IoT and M2M solutions for surveillance, security, smart home, cloud storage, and consumer electronics systems.

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. CVE-2021-35394 - Multiple buffer overflow vulnerabilities and an arbitrary command injection vulnerability in 'UDPServer' MP tool.

Taiwanese chip designer Realtek has warned of four vulnerabilities in three SDKs accompanying its Wi-Fi modules, which are used in almost 200 products made by more than five dozen vendors. Security firm IoT Inspector, based in Bad Homburg, Germany, disclosed the vulnerabilities to Realtek in May, and said more than 65 hardware makers' products incorporate the Realtek RTL819xD module, which implements wireless access point functions and includes one of the vulnerable SDKs. "By exploiting these vulnerabilities, remote unauthenticated attackers can fully compromise the target device and execute arbitrary code with the highest level of privilege," the biz said in its advisory, estimating - conservatively, we think - that almost a million vulnerable devices may be in use, including VoIP and wireless routers, repeaters, IP cameras, and smart lighting controls.

Inmarsat is unveiling Inmarsat ELERA; a global narrowband network that is ideally suited to the rapidly evolving world of the Internet of Things and for global mobility customers, including aviation, maritime, governments and select enterprises. Coming just 14 days after Inmarsat announced ORCHESTRA, the world's first network to combine GEO, LEO and 5G into one harmonious global communications solution, ELERA underlines Inmarsat's strategic focus on the global mobility segment of satellite communications.

With greater awareness and complete visibility into every connected device, organizations can create a full inventory of IoT devices with all the information required to maintain them. Default passwords allow attackers to take over IoT devices as easy access points into the network.

Sectigo announced the addition of the Sectigo Secure Key Storage SDK to its collection of offerings. Sectigo Secure Key Storage: The software-based alternative for IoT devices.

Faraday Technology Corporation announced that its SoReal! 2.0 Virtual Platform has been successfully deployed in an Industrial IoT ASIC project, enabling the SoC to run Linux within just a few days, which includes Linux drivers, ROM code, and security boot. By integrating VDKs into the ASIC design and validation process, this SoReal! 2.0 virtual platform gives customers the ability to launch both virtual and FPGA-based prototypes allowing full system bring up long before silicon is available.

A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week.

A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week.