Slashdot Mirror


Italian Hacker Publishes 0day SCADA Hacks

mask.of.sanity writes "An Italian security researcher, Luigi Auriemma, has disclosed a laundry list of unpatched vulnerabilities and detailed proof-of-concept exploits that allow hackers to completely compromise major industrial control systems. The attacks work against six SCADA systems, including one manufactured by U.S. giant Rockwell Automation. The researcher published step-by-step exploits that allowed attackers to execute full remote compromises and denial of service attacks. Auriemma appeared unrepentant for the disclosures in a post on his website."

6 of 106 comments

  1. Isolated networks are A Good Thing by davidwr · · Score: 4, Insightful

    Isolated networks are your friend.

    It won't stop insider attacks or naive-person-inserts-poisoned-USB-attacks but it's a good first step.

    As for naive employees: Train your people well.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Isolated networks are A Good Thing by UdoKeir · · Score: 3, Informative

      To be honest, an insider attack can just as easily be carried out with a large hammer.

    2. Re:Isolated networks are A Good Thing by LoRdTAW · · Score: 3, Informative

      The Stuxnet worm proved that even isolated networks are vulnerable. Besides, there are tons of valuable data and metrics on those networks that need to make their way to plant managers who may or may not be onsite. That data also makes its way into reports that show plant efficiency and keep track of problems that pop up. It's difficult to isolate that data from the rest of the world.

      We need to face facts that many automation protocols are severely dated and insecure. Has anyone ever heard of Modbus? It's an industrial communications protocol that was developed by Modicon in the late 70s and is STILL used today. It's 100% insecure and can be used to write to registers and "coils" on many PLCs/PACs. Originally it ran over RS-232/422/485 networks, but today it has a modern TCP version called ModbusTCP. And that has no authentication built in. As long as you can talk to that PLC you can write to any of its registers. Other protocols are also wide open, such as the massively popular Profibus/ProfiNET and EtherNet/IP (IP stands for industrial protocol).

      There are dozens of automation controller manufacturers out there, many using these insecure protocols with no replacements in sight. Add to that that many end devices that communicate with these controllers (pressure gauges, temperature sensors, valve islands, motion controllers, etc.) are simple in design, and implementing a security layer between them is not easy. Modbus is simply a send command to read a register or coil and a simple response. The only other setup is usually setting an 8-bit device address that is accomplished via a set of rotary or DIP switches.

      Until someone that is big in the industry (Schneider/Modicon, Allen Bradley, Siemens or Rockwell) comes out with a secure protocol that is simple, reliable and open to anyone to implement, there won't be any change. The only security is to isolate networks and pray no one infects computers inside the control network.
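The comment above describes Modbus as "a send command to read a register or coil and a simple response" with no authentication on the TCP version. The following is an added example, not code from any poster in this thread or from any vendor or standards body: a small Modbus/TCP frame parser that lays out every field the protocol actually carries (none of them is a credential), plus the allow-list check a passive network monitor can use to flag state-changing writes that do not come from the known HMI or engineering host. The frames, IP addresses and allow-list are constructed for illustration.

```python
"""Modbus/TCP frame parser with a write-source allow-list check.

Added example for this thread (not code from any poster, vendor or
standards body). The frames, IP addresses and allow-list below are
constructed for illustration.
"""
import struct

# Public Modbus function codes that change PLC state.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}
# Read-only function codes.
READ_FUNCTIONS = {
    0x01: "Read Coils",
    0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers",
    0x04: "Read Input Registers",
}
MBAP_SIZE = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


def parse_frame(data: bytes) -> dict:
    """Split a Modbus/TCP frame into its MBAP header fields and the PDU.

    Everything the protocol carries is listed here: there is no field for a
    credential, session or signature, which is the 'no authentication' point.
    The length field is the only consistency check the protocol offers.
    """
    if len(data) < MBAP_SIZE + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", data[:MBAP_SIZE])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (must be 0)")
    # The length field counts the unit id plus every PDU byte after it.
    if length != len(data) - 6:
        raise ValueError(f"length field {length} != {len(data) - 6} bytes present")
    return {
        "transaction_id": tid,
        "unit_id": unit,
        "function": data[MBAP_SIZE],
        "payload": data[MBAP_SIZE + 1:],
    }


def inspect(src_ip: str, data: bytes, allowed_writers: frozenset) -> dict:
    """Classify one request: reads pass, writes pass only from allow-listed hosts."""
    frame = parse_frame(data)
    func = frame["function"]
    if func in READ_FUNCTIONS:
        return {"alert": False, "function": READ_FUNCTIONS[func], "src": src_ip}
    if func in WRITE_FUNCTIONS:
        # Every write PDU starts with the 16-bit target coil/register address.
        payload = frame["payload"]
        addr = struct.unpack(">H", payload[:2])[0] if len(payload) >= 2 else None
        return {
            "alert": src_ip not in allowed_writers,
            "function": WRITE_FUNCTIONS[func],
            "address": addr,
            "unit": frame["unit_id"],
            "src": src_ip,
        }
    # Exception responses (0x80 bit set) or vendor/user-defined codes: worth a look.
    return {"alert": True, "function": f"unexpected code 0x{func:02x}", "src": src_ip}


def audit(packets, allowed_writers: frozenset) -> list:
    """Return the inspect() results that raised an alert, in packet order."""
    return [r for r in (inspect(src, data, allowed_writers) for src, data in packets)
            if r["alert"]]


# Constructed sample traffic: (source IP, raw TCP payload on port 502).
HMI = "10.10.1.5"  # assumed legitimate HMI/engineering workstation
ALLOWED_WRITERS = frozenset({HMI})
SAMPLE_PACKETS = [
    # Read Holding Registers 0..9 on unit 1 from the HMI: routine polling.
    (HMI, bytes.fromhex("0001 0000 0006 01 03 0000 000A")),
    # Write Single Coil 19 = ON from the HMI: expected operator action.
    (HMI, bytes.fromhex("0002 0000 0006 01 05 0013 FF00")),
    # Byte-identical write from an unknown host: the protocol cannot tell the difference.
    ("10.10.1.77", bytes.fromhex("0003 0000 0006 01 05 0013 FF00")),
    # Write Multiple Registers starting at 1 (2 registers) from the unknown host.
    ("10.10.1.77", bytes.fromhex("0004 0000 000B 01 10 0001 0002 04 000A 0102")),
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_PACKETS, ALLOWED_WRITERS):
        print(f"ALERT {hit['src']}: {hit['function']} addr={hit['address']} unit={hit['unit']}")
```

The design point is that the monitor, not the PLC, is doing the authorization: the two coil writes are byte-for-byte identical on the wire, so the only thing that separates the legitimate one from the suspicious one is the source address, which is exactly why network isolation and an allow-list of writers are the controls people fall back on.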

  2. It's not that hard! by inasity_rules · · Score: 4, Insightful

    Most SCADAs are still bound to COM. Easiest way to get DCOM working: disable *ALL* security. When you're commissioning a site, and the hardware is being finicky, the last thing you want to do is spend 9 hours debugging some obscure DCOM glitch specific to Server 2003 Service Pack 1 (the only system some of this stuff runs on), so it isn't hard to see why most people have zero security.

    Bring on the days of OPC UA, which makes security possible without having a hernia!

    --
    I have determined that my sig is indeterminate.
    1. Re:It's not that hard! by hjf · · Score: 3, Interesting

      2003 SP1? HA! I've seen stuff running on Win98, because the electrical engineers in charge are out of their league when it comes to computers, and Win98 "just works".

      I took a PLC introduction course in 2006 or 2007 and the guy was bitching about Linux, because Linux doesn't have support. And he liked Linux because it's stable, but manufacturers only support Windows, and the only way to be SURE that your software is going to work AND last for many years is to use a not-so-new computer. I'm glad that guy only does small things like cooling control and wood drying facilities.

      But at least he got one thing right: All the control LOGIC has to be in the PLCs. The SCADA is for a nice GUI and logging ONLY. You should add enough buttons, switches and lights to make the system fully usable even if all the SCADA computers are down. And that doesn't mean "manual override", which is something else you should have too.

      I doubt there are applications where a SCADA system should be making decisions.

  3. Re:You can't blame him by said213 · · Score: 5, Insightful

    That it's 'in the open' just means that there is an urgency to correct these problems... the problem being that that urgency existed prior to public disclosure.

    Better to have this information publicly disclosed and subject to scrutiny than the previous system... which involved, apparently, obfuscating or ignoring vulnerabilities or gross incompetence of those responsible for detecting such vulnerabilities.

    --
    help me fix this "Terrible" karma, please!