Latest News & Notices
To Clarify the Media Report About a Vulnerability in Through’s Outdated SDK
Recently some media have reported a vulnerability in ThroughTek’s outdated SDK, which could permit malicious third-party unauthorized access to sensitive information. This vulnerability only happened in the devices with ThroughTek’s outdated SDK (SDK versions prior to v3.1.10), and since late 2018 we have been informing our customers to update their SDK and assisted customers who used the outdated SDK to update the firmware of the devices with a patch fix released in late 2018 to minimize the risks of sensitive information being accessed. (For more details, please refer to ThroughTek’s website.)
With the rapid development of information technology, safeguarding the cybersecurity of the products and services from malicious attacks is particularly challenging. Therefore, ThroughTek has been enhancing our security measures, and our latest SDK v4.0 is featured multiple security measures, such as AES256、UDID (Public UDID and Private UDID)、AuthKey、Pre share key、TLS、SecretID、OAuth2.0、DTLS for better data protection.
As an IoT solution provider, ThroughTek continuously upgrade our software and cloud service to provide higher security mechanisms to apply in devices, connections, and client APP. Although we cannot limit what API/function that developers will use in our SDK, ThroughTek will strengthen our educational training and make sure our customers use it correctly to avoid a further security breach.