Industrial control systems on the net without access protection
In his workshop entitled "Building, Attacking And Defending SCADA Systems in the Age of Stuxnet" at the Black Hat conference, security expert Jonathan Pollet has warned that some programmable logic controllers (PLCs) used to control industrial facilities are accessible on the internet without any access protection. An article on CNET said that the expert managed to use Google to track down the unprotected control interface of a transformer that is used at an electricity substation in the UK.
Reportedly, no password was required and Pollet could have taken full control, for instance to cause a power outage. Expert Tom Parker, who tracked down the web interface of a pump control system via Google, was a co-presenter at the event. Parker said that the interface was password protected, but that a password – "1234" – was evident among the search results.
The controls of industrial facilities are governed by the SCADA standards that define aspects including the communication with the control systems. However, Pollet points out that many programmable logic controllers aren't designed to be connected to and accessible from the internet: "Most SCADA protocols do not use encryption or authentication, and they don't have access control built into them or the device itself. This means that when a PLC has a web server and is connected to the internet, anyone who can discover the internet protocol address can send commands to the device, and the commands will be performed."
This problem had already been pointed out by German security researcher Oliver Sucker back in May. The researcher managed to use a special search engine to access the PLCs of various energy suppliers across Europe. In his test, he also found companies in the food industry whose systems were available on the net without any access protection.