TAIPEI, June 25, 2021 /PRNewswire/ — ThroughTek Co., Ltd.h, a solution provider of IoT cloud service platform, has been informed by U.S. Cybersecurity and Infrastructure Security Agency (CISA) of a vulnerability of old versions of P2P software development kit (SDK), which are integrated into IoT devices and may be exploited by unauthorized third parties to gain access to the server. ThroughTek has been working closely with CISA for mitigations and proactively assisting customers to update the firmware of the devices at risk with a patch fix released in late 2018 or up-to-date SDK. Additional information can be found in the CISA advisory.
ThroughTek has been committed to security from day one and continuously improved security measures to protect IoT devices integrated with our products from malicious cyberattacks. “We take the information from CISA very seriously. In fact, we encourage everyone to report vulnerabilities of our products. To react to reported security issues efficiently, we have built a Product Security Incident Response Team,” says Patrick Kuo, CEO of ThroughTek. “We consider this advisory, like all the other vulnerability reports from different sources, as an opportunity to make our products better and safer.”
Ensuring cybersecurity of the products and services is particularly challenging nowadays because the technologies are evolving faster and the attackers are becoming more innovative. ThroughTek will keep optimizing our product security and always welcome security advisories from CERTs, researchers, partners and any other source for a coordinated vulnerability disclosure.