Retired Software Exploited To Target Power Grids, Microsoft
By Habiba Rashid
A recent alarming report by Microsoft reveals the risks attached to common Internet of Things (IoT) devices using the discontinued Boa web server. Hackers are exploiting vulnerabilities in the software to target organizations in the energy sector.
On Tuesday, Microsoft researchers published an analysis describing a vulnerable open-source component, the Boa web server, which is widely used in routers and security cameras and is bundled in popular software development kits (SDKs).
Although Boa was retired in 2005, it remained popular, and the situation is now becoming a crisis: the complex way Boa was built into the IoT device supply chain makes its flaws difficult to mitigate.
Microsoft reports that attackers continue to attempt to exploit flaws in Boa web servers, including a high-severity information disclosure bug (CVE-2021-33558) and an arbitrary file access flaw (CVE-2017-9833). An unauthenticated attacker could exploit these vulnerabilities to obtain user credentials and leverage them for remote code execution.
“The known CVEs impacting such components can allow an attacker to collect information about network assets before initiating attacks and to gain access to a network undetected by obtaining valid credentials. In critical infrastructure networks, being able to collect information undetected prior to the attack allows the attackers to have a much greater impact once the attack is initiated, potentially disrupting operations that can cost millions of dollars and affect millions of people,” Microsoft said.
Microsoft first discovered the vulnerable component while investigating a suspected intrusion into India’s electric grid. This followed a 2021 report by the threat intelligence company Recorded Future detailing that a Chinese threat group was targeting operational assets within India’s power grid.
In April 2022, the firm published a new report describing attacks from another Chinese state-sponsored threat actor using IoT devices to gain a foothold on operational technology (OT) networks, used to monitor and control physical industrial systems.
The potential damage from this vulnerable component is immense: Microsoft identified one million internet-exposed Boa server components globally over the span of one week.
Another major concern is that, because Boa is often included in popular SDKs, many users do not know that a Boa server is present in their products at all. The Realtek SDK is one example: it is provided to companies that make routers, access points, and other gateway devices, and it includes the Boa web server.
Microsoft warns of the supply chain risk posed by flaws in widely used network components as it continues to observe attacks targeting Boa vulnerabilities.
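The article’s point that operators often do not know Boa is present makes inventory the first defensive step. The following is an added example, not code from the article or from Microsoft: it parses captured HTTP response heads (constructed sample data, not real devices) and reports which hosts advertise a Boa `Server` banner and which version, so the results can be matched against the CVEs above. It tolerates case and whitespace variations in the header and ignores hosts with no `Server` header at all.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample response heads, as a scanner or proxy would capture them.
# The hosts and banners are made up for illustration.
SAMPLE_RESPONSES: Dict[str, str] = {
    "10.0.0.5": "HTTP/1.1 200 OK\r\nServer: Boa/0.94.14rc21\r\nContent-Type: text/html\r\n\r\n",
    "10.0.0.6": "HTTP/1.0 401 Unauthorized\r\nServer: Boa/0.93.15\r\nWWW-Authenticate: Basic realm=\"cam\"\r\n\r\n",
    "10.0.0.7": "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n",
    "10.0.0.8": "HTTP/1.1 200 OK\r\nserver:  BOA/0.94.13\r\n\r\n",   # odd casing and spacing
    "10.0.0.9": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",  # no Server header
}

# Boa identifies itself as "Boa/<version>"; match case-insensitively.
BOA_BANNER = re.compile(r"^Boa/(\S+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    host: str
    version: str


def server_header(raw_response: str) -> Optional[str]:
    """Return the value of the Server header from a raw HTTP response head, or None."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    # Skip the status line; header names are case-insensitive per RFC 9110.
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def find_boa(responses: Dict[str, str]) -> List[Finding]:
    """Return one Finding per host whose Server banner identifies the Boa web server."""
    findings: List[Finding] = []
    for host, raw in responses.items():
        banner = server_header(raw)
        if banner is None:
            continue
        match = BOA_BANNER.match(banner)
        if match:
            findings.append(Finding(host=host, version=match.group(1)))
    return findings


if __name__ == "__main__":
    for finding in find_boa(SAMPLE_RESPONSES):
        print(f"{finding.host}: Boa {finding.version}")
```

Banner checks are a starting point, not proof of absence: a device whose vendor stripped or rewrote the `Server` header will not appear here, so the inventory should also be cross-checked against the SDK and firmware bill of materials for each product line.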
Related news
Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in a spate of malicious incidents.
Microsoft on Tuesday disclosed the intrusion activity aimed at Indian power grid entities earlier this year likely involved the exploitation of security flaws in a now-discontinued web server called Boa. The tech behemoth's cybersecurity division said the vulnerable component poses a "supply chain risk that may affect millions of organizations and devices." The findings build on a prior report
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.
** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.
** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.
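The two disputed entries above both describe integrator-side handling of a request parameter that names a file (the `FILECAMERA` variable and a `../..` sequence). As an added example, not code from the CVE records or from Boa, the following shows the defender’s side of that pattern: a check that flags traversal attempts in web access-log lines after percent-decoding (including double-encoded variants), and a path resolver that confines a requested file name under a base directory so a CGI handler cannot be steered outside it. The log lines and the `/var/www/cam` base directory are constructed for illustration.

```python
import posixpath
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines in Common Log Format; addresses are documentation
# ranges and the requests are made up to exercise the checks below.
SAMPLE_LOG = """\
192.0.2.10 - - [22/Nov/2022:10:01:02 +0000] "GET /cgi-bin/wapopen?FILECAMERA=../../config/device.cfg HTTP/1.1" 200 1023
192.0.2.11 - - [22/Nov/2022:10:01:05 +0000] "GET /cgi-bin/wapopen?FILECAMERA=%2e%2e%2f%2e%2e%2fconfig%2fdevice.cfg HTTP/1.1" 200 1023
192.0.2.12 - - [22/Nov/2022:10:01:09 +0000] "GET /cgi-bin/wapopen?FILECAMERA=snapshot01.jpg HTTP/1.1" 200 40211
192.0.2.13 - - [22/Nov/2022:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 2048
192.0.2.14 - - [22/Nov/2022:10:01:15 +0000] "GET /cgi-bin/wapopen?FILECAMERA=%252e%252e/%252e%252e/config/device.cfg HTTP/1.1" 200 1023
"""


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded sequences are seen as-is."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value: str) -> bool:
    """True if any path segment of the decoded value is '..' (backslashes treated as '/')."""
    decoded = fully_decode(value).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))


def parse_request(line: str) -> Tuple[str, str]:
    """Extract (method, target) from the quoted request field of a CLF line."""
    start = line.index('"') + 1
    end = line.index('"', start)
    method, target, _version = line[start:end].split(" ", 2)
    return method, target


def flag_traversal(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client, path, parameter) for every query parameter that carries a traversal."""
    hits: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _method, target = parse_request(line)
        parts = urlsplit(target)
        # parse_qsl already decodes one layer; fully_decode handles the rest.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if has_traversal(value):
                hits.append((line.split(" ", 1)[0], parts.path, name))
    return hits


def resolve_under(base: str, requested: str) -> Optional[str]:
    """Resolve a requested file name under base; None if it would escape the directory."""
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, fully_decode(requested).lstrip("/")))
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for client, path, param in flag_traversal(SAMPLE_LOG):
        print(f"{client} -> {path} via {param}")
```

The resolver is the mitigation the disputed CVE text implies for integrators: normalise after decoding, then compare against the base directory as a path prefix rather than by string search for `..`, which misses encoded forms. The log check is the matching detection and can be run over exported access logs from devices known, from the inventory step, to run Boa.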