Multi Vendor Security Camera Feeds Exposed Due to Flaw in SDK [CVE-2021-32934]
CVE Number – CVE-2021-32934
The affected ThroughTek P2P products do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.
ThroughTek has discovered that many customers have incorrectly implemented their SDK or have disregarded their SDK version updates.
ThroughTek recommends original equipment manufacturers to implement the following mitigations:
- If SDK is Version 3.1.10 and above, enable authkey and DTLS.
- If SDK is any version prior to 3.1.10, upgrade library to v3.3.1.0 or v3.4.2.0 and enable authkey/DTLS.
Additional information can be found in ThroughTek’s advisory
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.