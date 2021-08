© iStock/The Washington Post

Cybersecurity researchers said Tuesday they discovered a flaw that exposes live video data and audio from millions of internet-connected devices to hackers.The vulnerability affects more than 83 million devices that use ThroughTek 's Kalay network, according to the cybersecurity firm FireEye's Mandiant division. ThroughTek is a technology company started in Taiwan that services "internet-of-things" (IoT) devices and develops software. Mandiant said it coordinated with the federal Cybersecurity and Infrastructure Security Agency (CISA), which did not immediately respond to requests for comment. In June, CISA published an advisory warning of a vulnerability in ThroughTek software that could expose sensitive information to hackers.The latest discovered software vulnerability differs from the previous discovery in that Mandiant said the flaw it unearthed allows cyberattackers to communicate with devices remotely.Precisely which devices are affected remains unclear. Mandiant said it could not develop a comprehensive list of vulnerable devices, but ThroughTek The company's website said its home video surveillance products support Amazon Alexa and Google Home Assistant.In order to exploit the problem, Mandiant said, a hacker would need comprehensive knowledge of the Kalay protocol and obtain Kalay unique identifiers registered to individual devices that hackers could access through manipulating someone or by finding other flaws in the products.Yi-Ching Chen, a ThroughTek employee, said the company notified customers about the flaw and how to address it. The employee said in an email that the company takes cybersecurity seriously and thought the vulnerability would only happen when someone's Wi-Fi was compromised."[W]e have a dedicated software test team to assure our software is built with great quality and security and perform penetration tests periodically," said the ThoughTek employee. "Furthermore, we collaborate with our customers to have security assessments performed by third-party pen-testers."to combat hackers. Mandiant listed the researchers responsible for discovering the vulnerability in ThroughTek 's product as Erik Barzdukas, Dillon Franke and Jake Valletta.