
Italian Hacker Publishes 0day SCADA Hacks

mask.of.sanity writes "An Italian security researcher, Luigi Auriemma, has disclosed a laundry list of unpatched vulnerabilities and detailed proof-of-concept exploits that allow hackers to completely compromise major industrial control systems. The attacks work against six SCADA systems, including one manufactured by U.S. giant Rockwell Automation. The researcher published step-by-step exploits that allowed attackers to execute full remote compromises and denial of service attacks. Auriemma appeared unrepentant for the disclosures in a post on his website."

  • by UdoKeir ( 239957 ) on Thursday September 15, 2011 @10:27AM (#37409362)
    To be honest, an insider attack can just as easily be carried out with a large hammer.
  • by LoRdTAW ( 99712 ) on Thursday September 15, 2011 @11:42AM (#37410232)

    The Stuxnet worm proved that even isolated networks are vulnerable. Besides, there is tons of valuable data and metrics on those networks that needs to make its way to plant managers who may or may not be onsite. That data also makes its way into reports that show plant efficiency and keep track of problems that pop up. It's difficult to isolate that data from the rest of the world.

    We need to face facts that many automation protocols are severely dated and insecure. Has anyone ever heard of Modbus? It's an industrial communications protocol that was developed by Modicon in the late 70's and is STILL used today. It's 100% insecure and can be used to write to registers and "coils" on many PLCs/PACs. Originally it ran over RS232/422/485 networks but today it has a modern TCP version called ModbusTCP. And that has no authentication built in. As long as you can talk to that PLC you can write to any of its registers. Other protocols are also wide open such as the massively popular Profibus/ProfiNET, and EtherNet/IP (IP stands for industrial protocol).

    There are dozens of automation controller manufacturers out there, many using these insecure protocols with no replacements in sight. Plus, add to that that many end devices that communicate with these controllers (pressure gauges, temperature sensors, valve islands, motion controllers, etc.) are pretty simple in design, and implementing a security layer between them is not easy. Modbus is simply a send command to read a register or coil and a simple response. The only other setup is usually setting an 8-bit device address that is accomplished via a set of rotary or DIP switches.

    Until someone that is big in the industry (Schneider/Modicon, Allen Bradley, Siemens or Rockwell) comes out with a secure protocol that is simple, reliable and open to anyone to implement, there won't be any change. The only security is to isolate networks and pray no one infects computers inside the control network.
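
Added example, not part of the comment above or of the original page: a monitoring-side parser for the Modbus TCP framing the comment describes. It shows that a request carries only a transaction id, unit id, function code and data, with no credential field, so a monitor can only judge a write by its network source. The function names, the allowlist and the sample frames and addresses are constructed for illustration, and the frames are assumed to be client requests captured on their way to the PLC.

```python
import struct

# Function codes that change PLC state, per the public Modbus specification.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil", 0x06: "Write Single Register",
    0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
    0x16: "Mask Write Register", 0x17: "Read/Write Multiple Registers",
}

def parse_request(frame: bytes) -> dict:
    """Parse one Modbus TCP request: 7-byte MBAP header, then the PDU."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    func = frame[7]
    rec = {"transaction": tid, "unit": unit, "function": func,
           "is_write": func in WRITE_FUNCTIONS, "address": None}
    if rec["is_write"]:
        # 0x17 carries read address and quantity before the write address.
        off = 12 if func == 0x17 else 8
        if len(frame) < off + 2:
            raise ValueError("truncated write request")
        rec["address"] = struct.unpack(">H", frame[off:off + 2])[0]
    return rec

def audit(frames, allowed_writers):
    """Alert on malformed frames and on writes from hosts not allowlisted."""
    alerts = []
    for src, frame in frames:
        try:
            rec = parse_request(frame)
        except ValueError as exc:
            alerts.append((src, "malformed: %s" % exc))
            continue
        if rec["is_write"] and src not in allowed_writers:
            alerts.append((src, "%s to unit %d address %d" % (
                WRITE_FUNCTIONS[rec["function"]], rec["unit"], rec["address"])))
    return alerts

# Constructed sample traffic (source IP, request bytes); addresses are made up.
SAMPLE = [
    ("192.0.2.10", bytes.fromhex("000100000006010300000002")),  # read registers
    ("192.0.2.20", bytes.fromhex("000200000006010600100064")),  # write, allowed
    ("192.0.2.99", bytes.fromhex("00030000000601050005ff00")),  # write, unknown
]
ALERTS = audit(SAMPLE, allowed_writers={"192.0.2.20"})
```

Only the third frame is reported, and the only thing separating it from the permitted write is the source address, which is why the allowlist has to be enforced at the network boundary rather than trusted from the protocol.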
