CVE-2023-6324
📋 TL;DR
This vulnerability in the ThroughTek Kalay SDK allows attackers to decrypt DTLS-encrypted communications by exploiting a predictable pre-shared key (PSK) value that is used when an unexpected PSK identity is encountered. It affects any IoT device, camera, or system that uses a vulnerable version of the ThroughTek Kalay SDK for P2P communication. Attackers can intercept and decrypt sensitive data streams between devices.
💻 Affected Systems
- ThroughTek Kalay SDK
- IoT devices using ThroughTek Kalay SDK (cameras, smart devices)
📦 What is this software?
- Cam 2 Firmware by Owletcare
- Cam Firmware by Owletcare
- Kalay Platform by Throughtek
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of encrypted video/audio streams, allowing unauthorized surveillance, data theft, and potential lateral movement into connected networks.
Likely Case
Interception and decryption of video/audio feeds from vulnerable IoT devices, leading to privacy violations and potential credential harvesting.
If Mitigated
With proper network segmentation and encryption controls in place, exposure is reduced to internal threats only.
🎯 Exploit Status
Exploitation requires network access to intercept the DTLS handshake. Public research and PoC code exist demonstrating the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check with device manufacturers for specific patched versions
Vendor Advisory: https://www.throughtek.com/kalay_platform.html
Restart Required: Yes
Instructions:
1. Contact device manufacturer for firmware updates.
2. Apply firmware updates that include patched Kalay SDK.
3. Restart devices after update.
4. Verify encryption is functioning properly.
🔧 Temporary Workarounds
Network Segmentation
Isolate vulnerable IoT devices from critical networks and internet exposure
Disable P2P Features
Turn off ThroughTek Kalay P2P functionality if not required
🧯 If You Can't Patch
- Segment IoT devices into isolated VLANs with strict firewall rules
- Monitor network traffic for unusual DTLS handshake patterns or decryption attempts
🔍 How to Verify
Check if Vulnerable:
Check the device firmware version against manufacturer advisories. Monitor the network for DTLS handshakes with predictable PSK values.
Check Version:
Device-specific - check manufacturer documentation for version query commands
Verify Fix Applied:
Verify updated firmware version and test DTLS encryption with proper PSK negotiation.
📡 Detection & Monitoring
Log Indicators:
- Failed DTLS handshake attempts
- Unexpected PSK identity errors in device logs
Network Indicators:
- Intercepted DTLS traffic with predictable PSK values
- Multiple DTLS session resets
SIEM Query:
source="network_traffic" protocol="DTLS" (event="handshake_failure" OR psk_identity="unexpected")
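The "unexpected PSK identity" indicator above can also be checked on captured traffic. The following is an added example, not code from ThroughTek or from this advisory: it parses plaintext DTLS 1.2 ClientKeyExchange messages and reports PSK identities that are not on an allowlist. It assumes a PSK cipher suite (identity first in the message body, per RFC 4279); the function names and the sample identities are constructed for illustration.

```python
import struct

HANDSHAKE = 22            # DTLS record content type
CLIENT_KEY_EXCHANGE = 16  # handshake msg_type

def psk_identities(datagram: bytes):
    """Yield PSK identities from plaintext (epoch 0) ClientKeyExchange
    messages in one UDP payload. Assumes a PSK cipher suite, where the
    message body starts with a 2-byte length plus the identity (RFC 4279)."""
    off = 0
    while off + 13 <= len(datagram):              # 13-byte DTLS record header
        ctype, _version, epoch = struct.unpack_from("!BHH", datagram, off)
        (length,) = struct.unpack_from("!H", datagram, off + 11)
        body = datagram[off + 13: off + 13 + length]
        off += 13 + length
        if ctype != HANDSHAKE or epoch != 0 or len(body) < max(length, 14):
            continue                              # encrypted, truncated or other type
        frag_off = int.from_bytes(body[6:9], "big")
        frag_len = int.from_bytes(body[9:12], "big")
        if body[0] != CLIENT_KEY_EXCHANGE or frag_off != 0:
            continue
        frag = body[12:12 + frag_len]             # skip 12-byte handshake header
        if len(frag) < 2:
            continue
        id_len = int.from_bytes(frag[:2], "big")
        if 2 + id_len <= len(frag):               # ignore fragmented identities
            yield frag[2:2 + id_len]

def unexpected_identities(datagrams, expected):
    """Return identities seen on the wire that are not provisioned."""
    return [i for d in datagrams for i in psk_identities(d) if i not in expected]

def build_cke(identity: bytes, msg_seq: int = 1) -> bytes:
    """Constructed sample: one DTLS 1.2 record with a PSK ClientKeyExchange."""
    body = struct.pack("!H", len(identity)) + identity
    n = len(body).to_bytes(3, "big")
    hs = (bytes([CLIENT_KEY_EXCHANGE]) + n + struct.pack("!H", msg_seq)
          + b"\x00\x00\x00" + n + body)
    return (struct.pack("!BHH", HANDSHAKE, 0xFEFD, 0)
            + msg_seq.to_bytes(6, "big") + struct.pack("!H", len(hs)) + hs)

if __name__ == "__main__":
    EXPECTED = {b"device-psk-id"}                 # constructed placeholder allowlist
    capture = [build_cke(b"device-psk-id"), build_cke(b"not-provisioned")]
    for ident in unexpected_identities(capture, EXPECTED):
        print("unexpected PSK identity:", ident)
```

Feed it UDP payloads extracted from a capture of the device's traffic, with the allowlist filled from the identities actually provisioned on your devices.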