If you have a connected object, there is a good chance that it is the victim of a very serious security breach. In a report published on Tuesday, Microsoft reveals that a vulnerability is present on the Boa server, widely used by them. Worse still, it would be very difficult to correct, according to the Redmond firm.
For many, connected objects are a very practical addition to everyday life, but we must not forget that, by their very nature, they can cause many risks to the safety of their users. This Tuesday, November 22, Microsoft reminded us again in a blog post. In the latter, the Redmond firm reveals that it has detected a dangerous security breach on the Boa server.
The latter is particularly popular with connected objects, especially for routers and security cameras. Some development kits also use it, says Microsoft. According to the group, at least one million devices are thus exposed to the vulnerability. This figure was calculated over a period of only one week, and can therefore potentially be much higher.
On the same subject — Security: millions of connected objects threatened by a flaw in UPnP, urgently update
A dangerous security breach is affecting our connected objects
The flaw was discovered during an investigation by Microsoft following the hacking of a power grid in India. The Redmond firm then concluded that the attack was perpetrated by Chinese hackers by exploiting precisely this flaw. The risk therefore does not exist only for users, but also for millions of companies, warns the company. Recently, an attack this time targeted Tata Power, another Indian electricity supplier, leading to the deployment of Hive ransomware in the network.
On the same subject: More than 100 million connected objects are threatened by critical security vulnerabilities!
” The [vulnérabilités] that impact these components can allow an attacker to gather information about network assets before launching attacks, and gain access to a network undetected by obtaining valid credentials”, writes Microsoft. The firm adds that attacks exploiting the flaw are still regular to this day. Even more worrying, repairing it is proving difficult, because the implementation of the Boa server in connected objects is particularly complex.
Source: Microsoft