[SOFTWARE] More than two million IoT products threatened in iLinkP2P software

       The iLinkP2P embedded software that allows faster connection to connected objects based on Peer to Peer is affected by a vulnerability that threatens more than two million IoT products and consumer data. Developed by the Chinese company Yunni Technology, iLinkP2P is a software embedded in many connected objects, security cameras, IoT systems and other products that concern home automation. In the end, more than two million objects use this software. The latter is based on Peer to Peer technology and according to cybersecurity researcher Paul Marrapese, associated with specialized blogger Brian Krebs, it has many flaws. This software has proved its worth through its practicality. Instead of opening the ports of his router and firewall, “all you have to do is scan a QR or type in a six-digit code to connect these objects”. However, the researcher has discovered 6 million potential combinations of this code, including 2 million currently being tested on products in circulation. The vulnerabilities are difficult to fix because when users identify with their smartphone, the software sends regular messages to facilitate connection with the devices. Hackers will be able to know their password if users change the default credentials by “rerouting” the connection to a Peer to peer server. In addition, if the hacker inquires about the UID, he can issue the same type of message to take control of it. According to the same researcher, one solution is to block the 32100 UDP port of the router firewall.