Critical CCTV ThroughTek P2P SDK vulnerability is easy to exploit and affects multiple security camera vendors

Cybersecurity specialists report the discovery of a critical vulnerability in the P2P software development kit of ThroughTek, a company that has developed multiple devices such as IP cameras with P2P connections as part of its cloud services platform.

According to the report, successful exploitation of this vulnerability could allow unauthorized access to confidential information, including audio and video transmissions from the affected camera.

Tracked as CVE-2021-32934, this vulnerability exists because ThroughTek products that employ the affected SDK do not adequately protect information transferred between the local device and the company’s servers. Unauthenticated threat actors could abuse this condition to intercept sensitive information, including image samples and video with audio.

This vulnerability was reported by Nozomi Networks researchers through the Cybersecurity and Infrastructure Security Agency (CISA) and received a score of 9.1/10 on the Common Vulnerability Scoring System (CVSS) scale, so it is considered a critical security issue.

At the moment there are no updates to address this flaw, so ThroughTek prepared some recommendations for users of affected deployments. For users of the P2P SDK v3.1.10 and higher, the company recommends enabling authkey and DTLS. For users of versions earlier than v3.1.10, the company recommends upgrading the library to v3.3.1.0 or v3.4.2.0 and enabling authkey/DTLS.

CISA also recommends additional protective measures, including:

  • Minimize network exposure of control devices or systems
  • Identify control system networks and remote devices behind firewalls and isolate them from the enterprise network
  • When remote access is required, employ secure methods such as connecting via VPN, and make sure the VPN deployment is updated to the latest version available

Organizations that observe any malicious activity should follow their internal security procedures, in addition to notifying the developer of the affected software and, if possible, also notifying CISA.
