
Thousands of SCADA, ICS Devices Exposed Through Serial Ports

Trailrunner7 writes "Serial port servers are admittedly old school technology that you might think had been phased out as new IT, SCADA and industrial control system equipment has been phased in. Metasploit creator HD Moore cautions you to think again. Moore recently revealed that through his Critical IO project research, he discovered 114,000 such devices connected to the Internet, many with little in the way of authentication standing between an attacker and a piece of critical infrastructure or a connection onto a corporate network. More than 95,000 of those devices were exposed over mobile connections such as 3G or GPRS. 'The thing that opened my eyes was looking into common configurations; even if it required authentication to manage the device itself, it often didn't require any authentication to talk to the serial port which is part of the device,' Moore told Threatpost. 'At the end of the day, it became a backdoor to huge separate systems that shouldn't be online anyway. Even though these devices do support authentication at various levels, most of the time it wasn't configured for the serial port.'"
  • by mpoulton ( 689851 ) on Wednesday April 24, 2013 @07:28PM (#43541655)
    Back in the olden days, equipment like this had serial port configuration interfaces which were intended for use by nearby administrators, via terminals and small local networks with no connectivity beyond the local facility. If longer distance administration was required, it was over dedicated copper loops. The internet was simply not used for these kinds of systems, and the idea that those devices would ever end up on a globally-accessible network with millions of untrusted devices was incomprehensible. As technology developed and the internet took over as the primary means of long-distance networked communication, these legacy devices were incorporated into a network environment that their engineers had never even considered. It's just not what they were made for. The devices are not to blame. Engineers and administrators who put them on public networks certainly are.
  • Define "old" ... (Score:5, Insightful)

    by perpenso ( 1613749 ) on Wednesday April 24, 2013 @08:18PM (#43541981)

    Try to convince an old plant manager he needs vpn. Try to explain to him what one is.

    Define "old". Some 50 year olds were playing with TRS-80, Commodore PET and Apple II computers when they were kids in high school. I think we are at, or soon will be, past the point where "old" equates to unfamiliarity with digital technology.

  • by Darinbob ( 1142669 ) on Wednesday April 24, 2013 @08:39PM (#43542131)

    Don't treat these all as legacy devices either. Brand new devices manufactured today still have serial ports. They're often on protocols other than a simple command line, and an RS232 or RS485 connection is robust and versatile.

    The alternative to a serial port with command line? Ethernet with command line, which is every bit as insecure. All the article really points out is that sometimes people forget about security, since there is nothing inherently insecure about a serial port. I just read this as people being surprised that technology from the past is still in use; next up complaints about how we still use archaic concepts like the wheel, inclined plane, and lever.

    I.e., get a secure connection to the terminal server, then normal serial port to the actual device. No one is going to be snooping on the serial line itself any more than they'd be snooping on the ethernet cable. The insecure part is the internet.

  • by fluffy99 ( 870997 ) on Wednesday April 24, 2013 @10:59PM (#43542885)

    In the systems I've seen, they are using stuff like MoxaPorts for serial to ethernet. It's done as either serial to serial tunneling over ethernet, or one side is a computer with the Lantronix serial redirector client installed. The devices require a password to configure, but typically access to the serial port is simply telnetting to port 10001 and there is zero security unless the serial port on the device has access controls. Engineers like the simplicity of setting it up and usually don't consider that everyone else on the network can too.
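
Added example, not part of the original comment or thread: a defender-side check for the exposure described above, which flags accepted connections to the raw serial TCP port (10001, as named in the comment) whose source is not a management subnet. The log format, subnets and addresses are constructed assumptions.

```python
import ipaddress
import re

# Assumptions for this example (not from the thread): log format and subnets.
RAW_SERIAL_PORT = 10001                                # port named in the comment above
MGMT_NETS = [ipaddress.ip_network("10.20.99.0/24")]    # hypothetical jump-host/VPN subnet
PLANT_NET = ipaddress.ip_network("10.20.0.0/16")       # hypothetical plant network

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed firewall log lines (documentation and private addresses only).
SAMPLE_LOG = """\
2013-04-24T22:59:01Z ACCEPT src=10.20.99.5 dst=10.20.0.15 dport=10001
2013-04-24T22:59:07Z ACCEPT src=10.20.4.77 dst=10.20.0.15 dport=10001
2013-04-24T23:01:12Z DROP src=203.0.113.7 dst=10.20.0.15 dport=10001
2013-04-24T23:01:40Z ACCEPT src=203.0.113.7 dst=10.20.0.16 dport=10001
2013-04-24T23:02:03Z ACCEPT src=10.20.4.77 dst=10.20.0.15 dport=443
this line is malformed
"""


def unexpected_serial_sessions(log_text, mgmt_nets=MGMT_NETS, port=RAW_SERIAL_PORT):
    """Return (ts, src, dst, scope) for accepted serial-port sessions from non-management sources."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip lines that do not parse rather than guessing
        if m["action"] != "ACCEPT" or int(m["dport"]) != port:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue
        if any(src in net for net in mgmt_nets):
            continue  # expected path: management subnet to the serial server
        scope = "internal" if src in PLANT_NET else "external"
        findings.append((m["ts"], str(src), m["dst"], scope))
    return findings


if __name__ == "__main__":
    for finding in unexpected_serial_sessions(SAMPLE_LOG):
        print(finding)
```

The "internal" findings correspond to the comment's point that anyone else on the network can reach the port, while "external" ones are the Internet exposure the story describes.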

  • by Anonymous Coward on Thursday April 25, 2013 @01:57AM (#43543529)

    Some day you'll be at the point where you don't equate 50 with "old."
