BSI warns of security gaps: gateway to clouds and door locks?

BSI issues warning level red
Server security flaw could be a hacker’s backdoor in widespread cloud services and digital door locks


A security gap caused a race between IT experts and online criminals at the weekend. The vulnerability could give attackers easy access to servers. In addition to cloud services, digital door locks could also be targets for hackers.

A serious vulnerability in "Log4j", a logging library for the Java programming language, kept the IT world in suspense over the weekend. According to information from "Spiegel" and the report from the Federal Office for Information Security (BSI), "several points in the federal administration are also affected." A vulnerability this widespread also affects the federal administration. The authority is aware of individual vulnerable systems, and appropriate protective measures have already been initiated.

So far there has been no evidence that the weak point in the federal administration has actually been exploited. According to the BSI, the problem has already been resolved in at least some cases.

The extent of the threat is difficult to determine

Background: IT security experts are sounding the alarm about the vulnerability that threatens servers in the network across the board. The BSI raised its warning level on the security gap from orange to red on Saturday.

Among other reasons, it justified the step by saying that attacks are being attempted around the world, some of which have been successful. “The extent of the threat situation cannot currently be conclusively determined.”

The weak point lies in a widely used library for Java software. The vulnerability could allow attackers to execute their own code on the servers. For example, they could use this to run their malware there. The vulnerability is limited to a few versions of the library called Log4j. However, nobody has a full overview of where the endangered versions of Log4j are being used.

The consequences cannot yet be assessed

“At the moment it is not yet known in which products this library is used, which means that at this point in time it is not yet possible to estimate which products are affected by the vulnerability,” said the BSI. “If the manufacturer makes updates available, these should be installed immediately,” the office recommended to service providers.

Log4j is a so-called logging library. It records various events in server operation, as in a logbook, for example for a later evaluation of errors. The vulnerability can be triggered simply by having a certain string of characters saved in the log. This makes it rather easy to exploit, which has caused great concern among experts. The problem was noticed on Thursday on servers for the online game “Minecraft”. According to “Spiegel”, services such as Amazon’s AWS cloud service and Apple’s iCloud were also affected.

Experts warn of security vulnerabilities

IT security companies and Java specialists worked on the weekend to plug the vulnerability. An update is now available for the affected versions of the open source Log4j library. However, its protection only takes effect when service providers install it. That’s why the firewall specialist Cloudflare built in a mechanism for its customers to block attacks. Experts warned that it is not just online systems that are at risk. A QR scanner or a contactless door lock could also be attacked if they used Java and Log4j, emphasized Cloudflare.

The IT security industry saw a race with online criminals who, for their part, automatically search for vulnerable servers. “At the moment the priority is to find out how widespread the problem really is,” said Rainer Trost of the IT security company F-Secure. “Unfortunately, it’s not just security teams but hackers who work overtime trying to find the answer.” For now, attackers could use the gap merely to build inconspicuous backdoors for themselves, warned Trost. “The actual attacks will certainly take place weeks or many months later.”

AFP
DPA
