Researchers Find Slew of Flaws In SCADA Hardware, Software

Trailrunner7 writes "At the S4 security conference this week, 'Project Basecamp,' a volunteer-led security audit of leading programmable logic controllers (PLCs), performed by a team of top researchers found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code. 'We were looking for a Firesheep moment in PLC security,' Peterson told the audience of ICS security experts. They got one. 'It's a blood bath mostly,' said Wightman of Digital Bond. 'Many of these devices lack basic security features.' While the results of analysis of the various PLCs varied, the researchers found significant security issues with every system they tested, with some PLCs too brittle and insecure to even tolerate security scans and probing."

Awww!

[PPH]

We just got a great deal on some barely used USB sticks from Iran. Only plugged into their centrifuge controllers once.

Re:Completely Irresponible

[deniable]

Very funny. We've all known these things are vulnerable for more than a decade and nobody has done anything about it. The shame of these researchers is not divulging the information but in picking such low-hanging fruit. This is like discovering holes in Outlook 97.