London Daily

Focus on the big picture.
Sunday, Jul 19, 2026

More than 83 million smart devices, including baby monitors, at risk from hackers

More than 83 million smart devices, including baby monitors, at risk from hackers

Hackers could listen to and watch live audio and video feeds from smart cameras and baby monitors, due to a vulnerability being disclosed by Mandiant and the US Cybersecurity and Infrastructure Security Agency.
A critical vulnerability affecting more than 83 million smart devices, including smart cameras and baby monitors, could allow hackers to listen to and watch live audio and video feeds, it has emerged.

The flaw "poses a huge risk" to people's security and privacy said security company Mandiant, which is coordinating its disclosure with the US Cybersecurity and Infrastructure Security Agency (CISA).

While default passwords have prompted UK security services to warn consumers about criminal activity, the flaw discovered by Mandiant also affects devices which do not use default passwords.

According to Mandiant, the problem is in an IoT (Internet of Things) software protocol called Kalay, developed by Taiwanese company ThroughTek, which offers a platform to control smart devices from.

Before the coordinated disclosure was made, ThroughTek warned users to update their software to stop hackers accessing "sensitive information in transmission and on victim devices".

A similar vulnerability was discovered in the Kalay protocol by Nozomi Networks earlier this year, although Mandiant says its discovery is more severe, allowing attackers to remotely control affected devices as well as snoop on them.

Because the Kalay protocol is installed by both original equipment manufacturers (OEMs) and resellers before smart devices reach consumers, Mandiant said it couldn't determine a complete list of products affected.

However, the business - which is part of cyber security company FireEye - noted ThroughTek's website "reports more than 83 million active devices on the Kalay platform at the time of writing".

Back in 2014, the UK's data watchdog warned Britons that private webcam feeds were being streamed on a Russian website, using default logins and passwords to access the devices.

The British government plans to introduce a new law which will force OEMs and resellers of smart devices to meet minimum security requirements in the UK.

The government announced the Product Security and Telecommunications Infrastructure Bill during the Queen's Speech earlier this year, although this is not yet law.

Announcing the law earlier this year, digital infrastructure minister Matt Warman said: "We are changing the law to ensure shoppers know how long products are supported with vital security updates before they buy and are making devices harder to break into by banning easily guessable default passwords.

"The reforms, backed by tech associations around the world, will torpedo the efforts of online criminals and boost our mission to build back safer from the pandemic."

A spokesperson for the UK's National Cyber Security Centre (NCSC) said: "We are aware of this vulnerability and ThroughTek has released an update to fix the issue.

"Simply using the platform does not automatically make you vulnerable to real-world impact, as additional information that is hard to guess is needed to exploit the vulnerability in an individual device successfully.

"To maximise protection, the NCSC recommends individuals keep their software up to date by installing the latest vendor updates as soon as practicable."
Newsletter

Related Articles

0:00
0:00
Close
Germany’s Economic Malaise Reopens the Sunday Shopping Debate
Singapore Considers Lower Taxes for Fund Managers as Hong Kong Intensifies Talent Contest
US Retaliates Against Iran After Two American Troops Killed in Jordan
Bank of Asia BVI Enters Court-Supervised Liquidation After Regulators Find It Insolvent
Proposed U.S.-Saudi Nuclear Pact Could Permit Limited Uranium Enrichment Under International Safeguards
Netherlands Declares Water Shortage Emergency After Drought Pushes Rivers to Historic Lows
Iran Claims It Destroyed Bahrain’s Main Artificial Intelligence Center in Missile and Drone Strike
Ukrainian Drones Strike Wildberries Warehouses Deep Inside Russia
Brothers Andrew and Tristan Tate Who Turned "Toxic Masculinity" Into a Brand Arrested in Miami as Britain Seeks Their Extradition
Reported CIA Mission Helped Clear the UAE’s Path to Advanced US AI Chips
Artificial Intelligence Capital Fuels Markets While Governments and Regulators Face Mounting Strategic Tests
China’s Moonshot’s Kimi K3 Narrows the Gap With Anthropic Through Scale, Openness and Lower Cost
Gold and Cash Seizure Puts Indonesia’s Senior Anti-Corruption Prosecutor Under Investigation
The Ledger Will Not Trust on Faith
Bank of England Warns Climate Shocks Could Trigger Sudden Asset Repricing
UK Treasury Places Microsoft, Google, AWS and Oracle Under New Financial Resilience Rules
Scottish Government Faces Pressure Over Delays in Vulnerable Group Background Checks
Crown Prosecution Service Authorises Additional Charges Against Andrew and Tristan Tate
NHS Approves At-Home Cancer Treatments for Rare Blood Disorders
Bank of England Gains Oversight of Major Cloud Providers Supporting UK Financial System
UK Government Plans Major Overhaul of English Local Councils Through New Unitary Authorities
British Steel Nationalisation Dispute Escalates as Chinese Owner Jingye Seeks Compensation
Bank of England Signals Interest Rates Will Stay High as It Warns of Financial Risks From Climate and AI
Trump Administration Pressures Banks to Restrict Financial Access for Undocumented Immigrants
Passenger Bound for Germany Refused to Sit Beside a Woman on a Plane — Then Slapped a Flight Attendant
Ukraine’s Leadership Rift Spills Into the Streets as Protesters Target Army Chief
Ukrainian Drone Barrage Kills Eight and Strikes Russian Logistics Network
Key Trends to Watch
Financial Conduct Authority Warns Cloud and Digital Risks Are Becoming a Financial Priority
Jeffrey Donaldson Appeals Sexual Abuse Conviction as Democratic Unionist Party Opens Review
Welsh Health Authorities Launch Emergency Meningitis Vaccination Programme for Students
Scottish Business Activity Falls for Third Month as Companies Face Rising Costs
Bank of England Regulators Demand Better Access to Digital Banking Services
United Kingdom Cuts Bilateral Aid to Several African Countries by Up to Ninety Per Cent
United Kingdom Introduces Tougher Deportation Rules After Rochdale Exploitation Scandal
NHS England Launches Wearable Technology Plan to Reduce Sepsis Deaths
Amazon Web Services Billing Error Sends Trillion-Dollar Invoices to British Companies
Bank of England Takes Direct Regulatory Role Over Major Global Cloud Providers
Extreme Summer Heat Drives Record Fire Risk and Rising Deaths Across Britain
United Kingdom Nationalisation of British Steel Sparks Diplomatic Dispute With China
United Kingdom Economy Shows Weak Growth Ahead of Major Autumn Budget
Andy Burnham Set to Become United Kingdom Prime Minister After Labour Leadership Victory
The Ten World Cup Finals That Defined Football History
Smartphones Are Getting More Expensive, Sales Are Collapsing, and Even Apple Admits: "Prices Will Rise"
The Monaco Bombing Has Become a Test of Ukraine’s Intelligence Accountability
Leadership Change and Strategic Rivalry Redraw the Political Map
Energy Risk, Uneven Growth and the New Geography of Global Capital
The AI Race Enters Its Infrastructure Era
Security and resilience remain long-term national priorities
Britain balances growth ambitions with public finance pressures
×