In SN 833, @Steve discussed the Mandiant/FireEye research into ThroughTek's IoT SDK and some major vulnerabilities. I recall hearing this from the FireEye post: "Mandiant was not able to create a comprehensive list of affected devices..." Ha! This is typical of vulnerability research. Very rarely do you get lists of devices, unless they were specifically tested. FireEye doesn't even tell us that. They say "ThroughTek’s clients include IoT camera manufacturers, smart baby monitors, and Digital Video Recorder (“DVR”) products." The IoT camera link goes to https://www.throughtek.com/case-studies/ which ThroughTek has taken down.
Fortunately, we have the Internet Archive (why not make a donation for their valuable service!).
Partners | ThroughTek (web.archive.org)
This reveals the one widely recognizable name in ThroughTek's partners is Wyze. I guess that's how you sell a camera for $30.
The complete list of clients on their page (as of 17 Aug 2021):
- Cubo AI - maker of baby monitors - https://us.getcubo.com
- Wyze - maker of inexpensive cameras/IoT and personal devices - https://www.wyze.com
- MI.com (Xiaomi) - seems to be a maker of almost every electronic device - https://www.mi.com/tw
- Simshine - maker of baby and other cameras - https://simshine.ai
- OTUS Imaging - maker of dash-cams - https://www.otusimaging.com/
"What could go wrong?"