Last Thursday, Microsoft informed about a recently closed, serious security gap in the Azure database service "CosmosDB", which is also used by the smapOne platform. According to current knowledge, the CosmosDB of the smapOne platform was not affected, unauthorized data access by third parties due to this vulnerability is almost impossible.
As part of the introduction of a new feature of the Microsoft Azure database CosmosDB, Microsoft introduced a security gap via this feature that would have allowed knowledgeable hackers to gain full access to the databases via this service. The vulnerability was discovered via an IT security specialist at Wiz and reported to Microsoft (and the exploit christened "ChaosDB"). Microsoft immediately disabled the feature until the gap was fixed, so currently the use of this exploit is no longer possible. More information can be found at Wiz, the company that discovered the gap.
Why is smapOne not affected?
smapOne does not use the CosmosDB feature that enabled the exploit - and never did. However, according to Wiz, the feature was automatically enabled on any new CosmosDB created after January 21 and only automatically disabled if it was not used within the first three days. The smapOne CosmosDB was created before the period in question, so an automatic activation of the problematic feature did not take place. An immediate analysis of the log files did not reveal any suspicious accesses. According to the current state of information, improper access to the CosmosDB of the smapOne platform can therefore be ruled out.
What does smapOne do to counter such dangers?
smapOne exchanged the database keys immediately after learning about the exploit to be on the safe side. In addition, the Azure services used by smapOne (such as CosmosDB) are protected from external access in a kind of virtual network - only clearly defined and authorized smapOne systems are even allowed to communicate with CosmosDB through this virtual firewalling. Even in the case of security vulnerabilities such as the current ChaosDB exploit, this provides an additional security threshold to overcome before attacks on the database can be carried out.
If you have any questions about this, please reach out to your smapOne contact or send us an email at firstname.lastname@example.org.