A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.
Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency (CISA).
The bug (CVE-2021-32934, with a CVSS v3 base score of 9.1) has been introduced via a supply-chain component from ThroughTek that’s used by several original equipment manufacturers (OEMs) of security cameras – along with makers of IoT devices like baby- and pet-monitoring cameras, and robotic and battery devices. The potential issues stemming from unauthorized viewing of feeds from these devices are myriad.
For critical infrastructure operators and enterprises, video-feed interceptions could reveal:
- sensitive business data,
- production/competitive secrets,
- information on floorplans for use in physical attacks,
- and employee information.
And for home users, the privacy implications are obvious.