Threat Update
ThroughTek, a massive original equipment manufacturer (OEM) supplier, has been made aware of a software vulnerability involving the IP cameras with P2P connections. The vulnerability could potentially allow unauthorized access to sensitive information via camera audio/video feeds. SKOUT recommends disabling the P2P functionality of the camera to prevent unauthorized capture of audio/video content.
Technical Detail & Additional Information
WHAT IS THE THREAT?
ThroughTek’s P2P Software Development Kit (SDK) vulnerability can lead to unauthorized viewing of camera feeds. Threat actors can access this feed since the traffic traversing the internet is obfuscated using fixed keys rather than secure key exchange. Fixed keys essentially means placing a set of keystrokes in front of sensitive data i.e. hgvwjohndoe, allowing it to be easily decoded. Whereas secure key exchange is a method in cryptography where cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm. In essence, the P2P SDK vulnerability traffic is revealed in cleartext exposing sensitive information like the UID (unique ID) of the device.
WHY IS IT NOTEWORTHY?
Multiple OEMs use ThroughTek as a supplier worldwide, and ThroughTek states that its solution is used by several million connected devices. P2P is used by multiple camera vendors and CCTV solutions, such as Dome surveillance cameras. The affected ThroughTek P2P products do not adequately protect traffic between the local device and ThroughTek servers; essentially exposing sensitive information to threat actors in cleartext.
WHAT IS THE EXPOSURE OR RISK?
Many consumers are unaware of the risk of using Internet of Things (IoT) devices and most often by simply looking at the technical details of the device are unable to determine the P2P functionality. As previously stated, the P2P SDK is outsourced to many original equipment manufacturers (OEMs) of consumer grade security and IoT devices. Without full awareness of P2P provider and client/server implementation it is difficult to know the security features, if any, of the device. If unaware of the security function, or lack thereof, the risk of device compromise increases. Once exploited the sensitive data the threat actor retrieves can be held for ransom.
WHAT ARE THE RECOMMENDATIONS?
SKOUT recommends that administrators follow the guidelines below:
- Minimize network exposure for all control system devices and/or systems and ensure that they are not accessible from the Internet.
- Locate control system networks and remote devices behind firewalls and isolate them from the business network.
- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Please be aware that VPN is only as secure as its connected devices.
- Disable the P2P functionality of the camera to prevent unauthorized capture of audio/video content.
REFERENCES
For more in-depth information about the recommendations, please visit the following links:
- https://us-cert.cisa.gov/ics/advisories/icsa-21-166-01
- https://www.throughtek.com/about-throughteks-kalay-platform-security-mechanism/
- https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/
If you have any questions, please contact our Security Operations Center.
