Millions of Connected Cameras Open to Eavesdropping
According to a warning released by the Cybersecurity and Infrastructure Security Agency, millions of connected security and home cameras contain a critical software vulnerability that could allow for remote attackers to view video feeds. The bug has been designated as a 9.1 CVSS score, meaning that it is of high severity. The vulnerability has been introduced via a supply-chain component originating from ThroughTek, a vendor that is used by several different equipment manufacturers of security cameras and IoT devices such as baby and pet monitoring cameras.
The potential issues this vulnerability presents include everything from extracting sensitive business data and company secrets in the office, privacy implications at home, and information on floorplans for physical attacks. The CISA stated that there are no known public exploits targeting the bug in the wild at this point. The ThroughTek component has been installed in several million connected devices and is used to provide remote access to audio and video streams over the internet.