Skip to content

Indian Power grids hacked by exploiting software retired in 2005

  • by
  • 2 min read

While investigating a compromise in the Indian Power grid in Ladakh that happened in April, Microsoft researchers discovered that attackers are exploiting the Boa web server, used widely in a range of IoT devices, including routers and security cameras, to target power grids and organisations in the sector. 

The Boa web server contains a vulnerable open-source component that can be easily exploited. Despite being retired back in 2005, the web server is still popularly used in routers, security cameras and even a few popular software development kits (SDKs). 

The researchers’ analysis revealed two vulnerabilities in Boa, one high-severity information disclosure bug tracked as CVE-2021-33558, and another arbitrary file access flaw tracked as CVE-2017-9833. Their report suggests that attackers are actively trying to exploit the aforementioned vulnerabilities. 

Indian Power grids hacked by exploiting software retired in 2005
Vulnerabilities in Boa are distributed downstream to organisations and their field assets. | Source: Microsoft

Additionally, the RealTek SDK used to program SOCs used in devices like routers, access points, and repeaters that use the Boa web server also has two major vulnerabilities tracked as CVE-2021-35395 and CVE-2022-27255. While Realtek did issue patches to fix these weaknesses, they still reportedly affect millions of devices worldwide. Further, Realtek’s patches only solve part of the problem, as Boa’s web server vulnerabilities aren’t patched with these fixes. 

In the short span of a week, the researchers were able to pinpoint nearly one million Boa server components globally that are publicly exposed on the internet. This poses a supply chain attack risk that can affect millions of organisations running critical infrastructure worldwide. 

According to Microsoft, the most recent example of the type of attacks these vulnerabilities can open is the Hive ransomware gang’s attack on Tata Power, another Indian critical infrastructure organisation and subsidiary of the Tata Group. 

In the News: Hackers are using Whatsapp and Telegram to phish Facebook Ad accounts

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>