{"id":49449,"date":"2022-11-23T17:02:32","date_gmt":"2022-11-23T17:02:32","guid":{"rendered":"https:\/\/www.darkreading.com\/ics-ot\/microsoft-iot-sdks-critical-infrastructure-cyberattack"},"modified":"2022-11-23T17:02:32","modified_gmt":"2022-11-23T17:02:32","slug":"microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/","title":{"rendered":"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte6e57f07be1b6355\/628fcd6f94ba5875e12013d4\/it-ot-iiot-Elenabsl-AdobeStock.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>Microsoft this week identified a gaping attack vector for disabling&nbsp;industrial control systems (ICS), which is&nbsp;unfortunately&nbsp;pervasive throughout critical infrastructure&nbsp;networks:&nbsp;the Boa Web server.<\/p>\n<p>The computing giant has identified vulnerabilities in the server&nbsp;as the initial access point for successful attacks on the Indian energy sector earlier this year, carried out by Chinese hackers. But here&#8217;s the kicker: It&#8217;s&nbsp;a Web server that&#8217;s been discontinued since 2005.<\/p>\n<p>It may seem strange that a nearly 20-year-old end-of-life server is still hanging around, but&nbsp;Boa is included&nbsp;in a range of&nbsp;popular software developer kits (SDKs) that Internet of Things device developers use in their design of critical components for ICS, according to Microsoft.&nbsp;As such, it&#8217;s&nbsp;still used across myriad IoT devices to access settings, management consoles, and sign-in screens for devices on industrial networks \u2014 which leaves critical infrastructure vulnerable to attack on a large scale. <\/p>\n<p>These include SDKs released by RealTek that are used in SOCs provided to companies that manufacture gateway devices like routers, access points, and repeaters, researchers noted.<\/p>\n<p>In April, Recorded Future <a href=\"https:\/\/www.recordedfuture.com\/continued-targeting-of-indian-power-grid-assets?__hstc=156209188.65c2d309abc7befc704e210a65154bf8.1666196607997.1666196607997.1666196607997.1&amp;__hssc=156209188.1.1666196607998&amp;__hsfp=2445685111\" target=\"_blank\" rel=\"noopener\">reported on<\/a> attacks on the Indian power sector that researchers attributed to a Chinese threat actor tracked as RedEcho. The activity targeted organizations responsible for carrying out real-time operations for grid control and electricity dispatch within several northern Indian states, and it&nbsp;occurred throughout the year.<\/p>\n<p>It turns out that the vulnerable component in the attacks was the Boa Web server. According to a&nbsp;Microsoft Security Threat Intelligence&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/22\/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments\/\" target=\"_blank\" rel=\"noopener\">blog post<\/a> published Nov. 22, the Web servers and the vulnerabilities they represent in the IoT component <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/getting-ahead-of-supply-chain-attacks\" target=\"_blank\" rel=\"noopener\">supply chain<\/a>&nbsp;are often unbeknownst to developers and administrators who manage the system and its various devices. In fact, admins often&nbsp;don&#8217;t realize that updates and patches aren&#8217;t addressing the Boa server, the researchers said.<\/p>\n<p>&#8220;Without developers managing the Boa Web server, its known vulnerabilities could allow attackers to silently gain access to networks by collecting information from files,&#8221; researchers wrote in the post. <\/p>\n<h2 class=\"regular-text\">Making the Discovery<\/h2>\n<p>It took some digging to identify that the Boa servers were the ultimate culprit in the Indian energy-sector attacks, the researchers said. First they noticed that the servers were running on the IP addresses on the list of indicators of compromise (IoCs) published by Recorded Future at the time of the release of the initial report last April, and also that the electrical grid attack targeted exposed IoT devices running Boa, they said. <\/p>\n<p>Moreover, half of the IP addresses returned suspicious HTTP response headers, which might be associated with the active deployment of the malicious tool that Recorded Future identified was used in the attack, the researchers noted. <\/p>\n<p>Further investigation of the headers indicated that more than 10% of all active IP addresses returning the headers were related to critical industries \u2014 including the petroleum industry and associated fleet services \u2014 with many of the IP addresses assigned to IoT devices with unpatched critical vulnerabilities. This highlighted &#8220;an accessible attack vector for malware operators,&#8221; according to Microsoft.<\/p>\n<p>The final clue was that most of the suspicious HTTP response headers that researchers observed were returned over a short time frame of several days, which linked them to likely intrusion and malicious activity on networks, they said.<\/p>\n<h2 class=\"regular-text\">Gaping Security&nbsp;Vulnerabilities in the Supply Chain<\/h2>\n<p>It&#8217;s no secret that the Boa Web server is full of holes \u2014 notably including arbitrary file access (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-9833\" target=\"_blank\" rel=\"noopener\">CVE-2017-9833<\/a>) and information disclosure (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-33558\" target=\"_blank\" rel=\"noopener\">CVE-2021-33558<\/a>) \u2014 that are unpatched and need no authentication to exploit, the researchers said.<\/p>\n<p>&#8220;These vulnerabilities may allow attackers to execute code remotely after gaining device access by reading the &#8216;passwd&#8217; file from the device or accessing sensitive URIs in the Web server to extract a user&#8217;s credentials,&#8221; they wrote.<\/p>\n<p>&#8220;Critical vulnerabilities such as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-35395\" target=\"_blank\" rel=\"noopener\">CVE-2021-35395<\/a>, which affected the digital administration of devices using RealTek&#8217;s SDK, and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-27255\" target=\"_blank\" rel=\"noopener\">CVE-2022-27255<\/a>, a zero-click overflow vulnerability, reportedly affect millions of devices globally and allow attackers to launch code, compromise devices, deploy botnets, and move laterally on networks,&#8221; they said.<\/p>\n<p>While patches for the RealTek SDK vulnerabilities are available, some vendors may not have included them in their device firmware updates, and the updates do not include patches for Boa vulnerabilities \u2014 factors that also make the existence of Boa Web servers in ICS ripe for exploitation, researchers added.<\/p>\n<h2 class=\"regular-text\">Current Threat Activity and Mitigation<\/h2>\n<p>Microsoft&#8217;s research indicates that Chinese attackers have successfully targeted Boa servers as recently as late October, when <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/fbi-shares-hive-ransomware-iocs-in-new-alert\" target=\"_blank\" rel=\"noopener\">the Hive threat group<\/a> claimed a ransomware attack on Tata Power in India. And in their continued tracking of the activity, researchers continued to see attackers attempting to exploit Boa vulnerabilities, &#8220;indicating that it is still targeted as an attack vector&#8221; and will continue to be one as long as these servers are in use.<\/p>\n<p>For this reason, it&#8217;s crucial for ICS network administrators to identify when the vulnerable Boa servers are in use and to patch vulnerabilities wherever possible, as well as take other actions to mitigate risk from future attacks, researchers said.<\/p>\n<p>Specific steps that can be taken include using device discovery and classification to identify devices with vulnerable components by enabling vulnerability assessments that identify unpatched devices in the network and set workflows for initiating appropriate patch processes with solutions.<\/p>\n<p>Administrators also should extend vulnerability and risk detection beyond the firewall to identify Internet-exposed infrastructure running Boa Web server components, researchers said. They also can reduce the attack surface by eliminating unnecessary Internet connections to IoT devices in the network, as well as applying the practice of isolating with firewalls all IoT and critical-device networks.<\/p>\n<p>Other actions to consider for mitigation include using proactive antivirus scanning to identify malicious payloads on devices; configuring detection rules to identify malicious activity whenever possible; and adopting a comprehensive IoT and OT solution to monitor devices, respond to threats, and increase visibility to detect and alert when IoT devices with Boa are used as an entry point to a network. <\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/ics-ot\/microsoft-iot-sdks-critical-infrastructure-cyberattack\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents.Read More <a href=\"https:\/\/www.darkreading.com\/ics-ot\/microsoft-iot-sdks-critical-infrastructure-cyberattack\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-49449","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-23T17:02:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte6e57f07be1b6355\/628fcd6f94ba5875e12013d4\/it-ot-iiot-Elenabsl-AdobeStock.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack\",\"datePublished\":\"2022-11-23T17:02:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/\"},\"wordCount\":1016,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte6e57f07be1b6355\\\/628fcd6f94ba5875e12013d4\\\/it-ot-iiot-Elenabsl-AdobeStock.png\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/\",\"name\":\"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte6e57f07be1b6355\\\/628fcd6f94ba5875e12013d4\\\/it-ot-iiot-Elenabsl-AdobeStock.png\",\"datePublished\":\"2022-11-23T17:02:32+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte6e57f07be1b6355\\\/628fcd6f94ba5875e12013d4\\\/it-ot-iiot-Elenabsl-AdobeStock.png\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte6e57f07be1b6355\\\/628fcd6f94ba5875e12013d4\\\/it-ot-iiot-Elenabsl-AdobeStock.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-11-23T17:02:32+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte6e57f07be1b6355\/628fcd6f94ba5875e12013d4\/it-ot-iiot-Elenabsl-AdobeStock.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack","datePublished":"2022-11-23T17:02:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/"},"wordCount":1016,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte6e57f07be1b6355\/628fcd6f94ba5875e12013d4\/it-ot-iiot-Elenabsl-AdobeStock.png","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/","name":"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte6e57f07be1b6355\/628fcd6f94ba5875e12013d4\/it-ot-iiot-Elenabsl-AdobeStock.png","datePublished":"2022-11-23T17:02:32+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte6e57f07be1b6355\/628fcd6f94ba5875e12013d4\/it-ot-iiot-Elenabsl-AdobeStock.png","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte6e57f07be1b6355\/628fcd6f94ba5875e12013d4\/it-ot-iiot-Elenabsl-AdobeStock.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-popular-iot-sdks-leave-critical-infrastructure-wide-open-to-cyberattack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49449"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49449\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}