Security

Thousands of SCADA, ICS Devices Exposed Through Serial Ports

Trailrunner7 writes "Serial port servers are admittedly old school technology that you might think had been phased out as new IT, SCADA and industrial control system equipment has been phased in. Metasploit creator HD Moore cautions you to think again. Moore recently revealed that through his Critical IO project research, he discovered 114,000 such devices connected to the Internet, many with little in the way of authentication standing between an attacker and a piece of critical infrastructure or a connection onto a corporate network. More than 95,000 of those devices were exposed over mobile connections such as 3G or GPRS. 'The thing that opened my eyes was looking into common configurations; even if it required authentication to manage the device itself, it often didn't require any authentication to talk to the serial port which is part of the device,' Moore told Threatpost. 'At the end of the day, it became a backdoor to huge separate systems that shouldn't be online anyway. Even though these devices do support authentication at various levels, most of the time it wasn't configured for the serial port.'"
This discussion has been archived. No new comments can be posted.

  • Dupe (Score:4, Informative)

    by hackshack ( 218460 ) on Wednesday April 24, 2013 @07:12PM (#43541577)

    Jan 10: Thousands of SCADA Devices Discovered on the Open Internet [slashdot.org]

    Best part is, it's the same submitter. And y'all wonder why /. is dying.

  • Re:How is this news? (Score:5, Informative)

    by dreamchaser ( 49529 ) on Wednesday April 24, 2013 @08:03PM (#43541885) Homepage Journal

    Try to convince an old plant manager he needs vpn. Try to explain to him what one is.

    It isn't as hard as you might think. "Do you lock the door to your house? A VPN is like that for your data."

    It isn't a great analogy but trust me, it works. I've used it quite a few times.

  • by dogsbreath ( 730413 ) on Wednesday April 24, 2013 @08:28PM (#43542055)

    er. . . Typically these are tied to dial up modems or to IP port servers. They are used to access systems when the secure front door is unavailable due to Internet outages, firewall problems or the access gateway being unavailable.

    You would not think anyone would be so dumb as to set these up but some may be legacy, or put in place by a local hero sysadmin.

    It may even be, get this, a contractually required remote support access point. Many vendors have a very limited concept of what is required to prevent unauthorized access. One vendor sales guy told me that it was secure because no one would know about the dial up number and they had no reported break ins at other installations.

    Sigh.

    Of course there are ways of providing secure alternative access paths but there are a lot of folk who are under the impression that obscurity is sufficient.

    Another issue besides the lack of authentication is the lack of logging and activity reporting. One outfit I did some work for spent a dinghy full of large bills on an IPS for the network side but would not pay for caller ID on their dial-up access point. Against their financial responsibility policy to pay for frivolous monthly charges.

  • Re:Dupe (Score:5, Informative)

    by Anonymous Coward on Wednesday April 24, 2013 @08:37PM (#43542119)

    Not a dupe. The SCADA segment bit is overlap, but the access method is different. This issue applies to more than SCADA; some thousands of unsecured serial port proxies were actually modern Linux and FreeBSD serial consoles, conveniently preauthenticated as root.

  • by perpenso ( 1613749 ) on Wednesday April 24, 2013 @08:40PM (#43542149)

    That's the issue when people use security by obscurity. The obscurity was the difficulty in networking the serial port. Anything made in the past 20 years should have had an Ethernet port and real security. Yes, even this SCADA stuff.

    It's more security through physical access, not so much obscurity. The original intent was probably to give a tech in the room, or a user in a nearby room, access. Also it's the ease of turning a serial port into a remote connection that is at the heart of the problem.

    YMMV but such stuff I worked on in the 90s had multilevel (user, tech, admin, ...) passwords, even on serial port access. Ethernet or serial port, it makes no difference when the site does not change the passwords from their factory settings.

  • by BitZtream ( 692029 ) on Wednesday April 24, 2013 @11:16PM (#43542965)

    T1s are government regulated circuits with federal laws regarding uptime. They are never cheap, anywhere in the US, ever. They are considered vital infrastructure by law. The provider HAS to keep them working.

    A T1 worth of bandwidth is cheap. A T1 is not.

    No one will sell you an actual T1 local loop for $600 even if the end point is the room next door.

    You're slinging around words you clearly don't actually use.
