If you have a connected object, there is a good chance that it is subject to a very serious security breach. In a report published on Tuesday, Microsoft reveals that there is a vulnerability present in the Boa server, which is widely used by them. Even worse, it would be very difficult to fix, according to the Redmond company.
For many, connected objects are a very practical addition to everyday life, but we mustn’t forget that they can inherently pose many risks to the safety of their users. This Tuesday, November 22, Microsoft reminded us again in a blog post. In the latter, the Redmond company reveals that it has discovered a dangerous security breach on the Boa server.
The latter is particularly popular with connected objects, especially for routers and security cameras. Some development kits also use it, Microsoft says. According to the group, at least one million devices are thus exposed to the vulnerability. This figure is calculated over a period of just one week, and could therefore potentially be much higher.
On the same topic — Security: millions of connected objects threatened by a bug in UPnP are updated immediately
A dangerous security breach affects our connected objects
The bug was discovered during an investigation by Microsoft after the hacking of an electricity grid in India. The Redmond company then concluded that the attack was carried out by Chinese hackers exploiting this very flaw. The risk therefore exists not only for users, but also for millions of companies, the company warns. Recently, an attack this time targeted Tata Power, another Indian electricity supplier, which led to the deployment of Hive ransomware in the network.
On the same topic: More than 100 million connected objects are threatened by critical security vulnerabilities!
” That [vulnérabilités] affecting these components may allow an attacker to gather information about network assets before launching attacks and gain access to a network undetected by obtaining valid credentials.”, writes Microsoft. The firm adds that attacks exploiting the flaw are still regular to this day. Even more worryingly, it has proven difficult to fix because the implementation of the Boa server in linked objects is particularly complex.