Quote:Malicious actors could exploit critical security vulnerabilities in a peer-to-peer (P2P) communications technology used across millions of internet of things (IoT) devices, according to research first reported by KrebsonSecurity.
 
Security researcher Paul Marrapese initially reported the vulnerabilities to the device vendor on January 15, 2019, but received no response. Nor did the vendor respond to the second or third advisory notices with intent to disclose. After three months, the critical flaws were publicly disclosed on April 24.
 
Developed by Shenzhen Yunni Technology Company Inc., Ltd., iLnkP2P is one of several communications technology solutions often used by device manufacturers, according to Marrapese, adding that the vulnerabilities are specific to devices using the iLnkP2P solution.
 
On April 26, Marrapese published a blog in which he listed the prefixes of devices that are known to be vulnerable. Warning users that hackers could exploit the P2P connection and access IoT devices, including security cameras, without the owner’s knowledge, Marrapese wrote:

"Over 2 million vulnerable devices have been identified on the Internet, including those distributed by HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight, and HVCAM. Affected devices use a component called iLnkP2P. Unfortunately, iLnkP2P is used by hundreds of other brands as well, making identification of vulnerable devices difficult."