Industrial Control Software Easily Hackable - Slashdot

Follow Slashdot blog updates by subscribing to our blog RSS feed

×

Industrial Control Software Easily Hackable 194

Posted by Soulskill on Saturday October 27, 2012 @08:02PM from the raise-your-hand-if-you-are-surprised dept.

jfruh writes "CoDeSys, a piece of software running on industrial control systems from hundreds of vendors, has been revealed to be easily hackable by security researchers, giving rise to a scenario where computer hacking could cross the line into the physical world. Worse, many of these systems are unneccessarily connected to the Internet, which is a terrible, terrible idea."

This discussion has been archived. No new comments can be posted.

Industrial Control Software Easily Hackable

Search 194 Comments Log In/Create an Account

Comments Filter:

Enter Kaspersky (Score:1, Informative)

by Anonymous Coward writes: on Saturday October 27, 2012 @08:12PM (#41793027)

Kaspersky says they'll come up with a new OS specifically designed to protect industrial control systems from hacking and sabotage.
http://www.pcmag.com/article2/0,2817,2411052,00.asp

Share
twitter facebook
Yup (Score:5, Informative)

by 50000BTU_barbecue ( 588132 ) writes: on Saturday October 27, 2012 @08:13PM (#41793043) Journal

Having recently switched fields from high-end telecom gear to industrial machinery, I can confirm this. The industry works with what hardware they know. I last worked in the field two decades ago, and now I see the same Cutler-Hammer contacts, the same Schadow switches, the same Schroff and Rittal metal works, the same Panduit wire ducts, the same Oriental motor drives, the same Allen Bradley PLCs... Oops, that PLC now has an ethernet port? The PLC looks the same as before, a grey box covered in screw terminals, but apparently it must have changed from a 6809 running GRAFCET to some sort of modern porous monstrosity needlessly running a 64 bit OS with so much unverifiable code.
It's not necessary.

Share
twitter facebook
Re: the Challenger Disaster? (Score:4, Informative)

by dgharmon ( 2564621 ) writes: on Saturday October 27, 2012 @09:52PM (#41793657) Homepage

"Did professional engineers prevent the Challenger Disaster?"

No, nor did they cause it, what did cause the disaster was political interference, such as the decision to manufacture the solid booster rockets in another state, necessitating them being made from segments bonded together with O-rings .. ref [wikipedia.org]

Parent Share
twitter facebook
Re:Professionalization of software (Score:3, Informative)

by Anonymous Coward writes: on Saturday October 27, 2012 @09:58PM (#41793699)

"Did professional engineers prevent the Challenger Disaster?"
No, they did not. They tried like hell to prevent it, they were quite certain there was going to be an issue, because they knew the seals failed with lower temperatures, and seals had failed at temperatures not as extreme as on that day, so they were pretty certain there would be a problem and tried to stop the lunch. Sadly, it was not the engineers who were ultimately responsible for that launch, but folks more worried about bad PR.
So, what was your point?

Parent Share
twitter facebook
It's more about lack of knowledge (Score:5, Informative)

by WebCowboy ( 196209 ) writes: on Sunday October 28, 2012 @02:43AM (#41794733)

The CAT5 cable I'd traced about 180 meters across the plant going back into the office internet connection was setup to allow this process to complete, since they had apparently failed to do it earlier when the system was OOTB but not yet hooked up.
Assuming it was all Rockwell/Allen+Bradley gear then it was undoubtedly the FactoryTalk Activation system they were struggling with, and they were undoubtedly unqualified to be doing the work they were assigned to do (disclosure: I am a former Rockwell Automation employee so I have familiarity with the subject, but apart from that I do not speak on behalf of any employer past or present here).
First and foremost, Allen+Bradley(AB) PLCs don't need activations, so the licensing really isn't relevant to this story. AB makes a crap-pile of profit on that hardware the moment they've sold you the box--activation makes no sense. What DOES need to be activated (and is what creates profit for the Rockwell Software division) is the RSLogix programming software, without which the PLC is as useful as a doorstop. So unless they were completely clueless they'd have just taken their laptop into the office and activated their software then come back, rather than break all sorts of IT, security and safety rules stringing out 180m of CAT5 and a spare switch to get internet. The same goes for their drives--the drive units don't need activating but DriveTools software on the programming laptop may have.
That said, there may have been an industrial PC like a VersaView or third-party unit running the Rockwell HMI software and was bolted into the cabinet with un-activated software for some reason, but Rockwell/AB have thought of that...
The legacy licensing system used utility software called "EVMove" and relied on "master disks" (towards the end you could set up a USB flash drive) and in the field this was a royal pain in the ass--floppies and their drives are far too sensitive for such an environment, and USB memory sticks are terrible to manage and secure. Thus the development of the FactoryTalk Activation internet service-based scheme. Though it requires the internet the end system does not need to be connected to activate. The easy "wizard" way sends a "host ID" (the ethernet MAC address or some such number) from the end device to Rockwell via the internet. However, you can actually write down the mac address, or generate the hostID file on the target machine, then go to an internet-connected computer and type the hostID into a secure web form or upload the hostID file. The website then generates a license file that you can save to removable media or a laptop/portable machine to take over to the target machine physically, thus preserving the air gap (and making the method more similar to the old EVMove floppy method).
I do agree that licensing/DRM/activation is a big problem that costs end users millions of dollars globally (above and beyond the actual purchase cost of the products). It adds complication and downtime and confusion and contributes exactly zero value to its users. One might argue about its value to the vendor as well--FactoryTalk activation and many other similar schemes are just as trivial to circumvent as CoDeSys' ladder logic runtime for hackers, and adds the burden of extra support costs from the honest users it keeps honest. But the problem in industrial automation is bigger than that. The problem is that the world in general moves faster than industrial control systems can keep up, and the people who have "experience" honed their skills in the mid 1990s or earlier and haven't kept up. In the meantime, PHBs of the world in management and government demand of them far more than they are capable of delivering.
It used to be that refineries/factories/etc were content with paper chart recorders where operators and plant managers could peruse them if something came up to troubleshoot. Then came data recorders where you could plug in a serial cable or transfer via floppy to a computer for more deta
Read the rest of this comment...

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

Without life, Biology itself would be impossible.