Security firm Mandiant’s researchers found the exploit, which affects the security in Thoughtek’s Kalay platform, late last year. The firm decided to publicly disclose it today in…
Why it matters: A security vulnerability affecting a software platform that connects millions of internet of things (IoT) devices, including baby monitors and security cameras, was publicly disclosed today. Although a firmware update addressed this vulnerability in 2018, it isn’t clear if all the companies selling the affected products have implemented it. So far there’s no evidence anyone has actually used the exploit in an attack. Security firm Mandiant’s researchers found the exploit, which affects the security in Thoughtek’s Kalay platform, late last year. The firm decided to publicly disclose it today in conjunction with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
