Slashdot Mirror


Researcher Finds Nearly Two Dozen SCADA Bugs In a Few Hours

Trailrunner7 writes "It is open season on SCADA software right now. Last week, researchers at ReVuln, an Italian security firm, released a video showing off a number of zero-day vulnerabilities in SCADA applications from manufacturers such as Siemens, GE and Schneider Electric. And now a researcher at Exodus Intelligence says he has discovered more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers, all after just a few hours' work."

8 of 104 comments

  1. When the light turns on... by PlusFiveTroll · Score: 4, Interesting

    When the light turns on, the roaches scurry. SCADA has been ignored by infosec up till now. Many of these systems are old, or are new systems not designed any different than they were in the 80's or 90's. It's not hard to find low hanging fruit when you're the first person picking it. Give 'the system' a few years and it won't be any different than Linux and Windows bug hunting now.... once you convince everyone to upgrade, that is.

    1. Re:When the light turns on... by vlm · Score: 4, Interesting

      Give 'the system' a few year

      I've been hearing anti-scada fud for about two decades and it never gets any better.

      I suppose as agitprop the early 1980s movie "wargames" is pretty good anti-scada. Or claims that Kevin Mitnick can whistle into a telephone thus launching nuclear missiles. There was a cheesy hollywood horror/action movie in the late 80s or 90s that could basically be subtitled "misterhouse grows into a skyscraper and has a tantrum killing everyone inside". I distinctly remember a 6-million dollar man or 6-million dollar woman (a late 1970s pseudo-sci-fi tv show) which had a nuclear power plant scada attack, with a friendly computer that donated a 7400 series TTL logic chip to repair the magic prosthesis that was LOL funny at the time. There is also at least one anti-scada james bond movie, probably 80s era but I can't remember the details. Oh and there was a cheesy 80s "hacking" TV kids show perhaps the "whiz kids" or something that also had an anti-scada plotline.

      There's about 50 zillion star trek episodes and movies which basically show a scada attack on a warship. Most notably when Kirk drops Khan's shields remotely and pretty much blows his ship up in ST2. But there's about 49 other examples.

      This would be a fun /. article... everybody troll the depths of your memory to build a timeline of anti-scada FUD.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  2. segmentation by Anonymous Coward · Score: 4, Insightful

    This is why SCADA needs to be built out separately from your data network.

    1. Re:segmentation by Anonymous Coward · Score: 5, Insightful

      This is why SCADA needs to be built out separately from your data network.

      While that is indisputably a good idea, it does not cover all the bases. Disgruntled employees, industrial espionage, and state-sponsored sabotage (in the case of critical or defense industries) won't let a silly air gap stop them.

      As Iran learned at its peril.
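
The two comments above argue for, and then qualify, building the control network out separately from the data network. One way to make that separation checkable rather than just asserted is to write the intended zone policy down and audit the firewall's accept log against it. The block below is an added example and is not code from the original thread or from any vendor: the three zones (enterprise, ICS DMZ, control), the jump host / historian / engineering workstation addresses, the allow rules, and the log line format are all constructed for illustration. It flags accepted flows that cross a zone boundary without a sanctioning rule, which is exactly the drift that turns "segmented" into "reachable from the corporate LAN". As the reply notes, it sees only what passes the firewall; a USB stick carried across the gap never shows up here.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Three zones loosely following the Purdue model: the corporate/enterprise
# network, an ICS DMZ holding the jump host and historian, and the control
# network where PLCs and HMIs live.  All addresses are made up for the example.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "control":    ipaddress.ip_network("192.168.100.0/24"),
}
JUMP_HOST = "10.20.0.10"       # only sanctioned path from enterprise towards control
HISTORIAN = "10.20.0.20"       # receives process data pushed out of the control zone
ENG_WS    = "192.168.100.50"   # engineering workstation reachable from the jump host

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int
    src_host: Optional[str] = None   # None means any host in src_zone
    dst_host: Optional[str] = None   # None means any host in dst_zone

# Default deny across zone boundaries; these are the only sanctioned crossings.
# Note there is deliberately no enterprise -> control rule at all.
ALLOW = [
    Rule("enterprise", "dmz", "tcp", 22, dst_host=JUMP_HOST),
    Rule("dmz", "control", "tcp", 22, src_host=JUMP_HOST, dst_host=ENG_WS),
    Rule("control", "dmz", "tcp", 5432, dst_host=HISTORIAN),
]

def zone_of(ip: str) -> Optional[str]:
    """Return the zone name containing ip, or None if it is unassigned."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def is_permitted(src: str, dst: str, proto: str, dport: int) -> bool:
    """Policy decision: same-zone traffic is allowed, cross-zone traffic only via ALLOW."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return False                      # unknown address space is never trusted
    if sz == dz:
        return True
    for r in ALLOW:
        if (r.src_zone, r.dst_zone, r.proto, r.dport) != (sz, dz, proto, dport):
            continue
        if r.src_host is not None and r.src_host != src:
            continue
        if r.dst_host is not None and r.dst_host != dst:
            continue
        return True
    return False

# Constructed firewall log format for this example:
#   <timestamp> <ACCEPT|DROP> <proto> <src>:<sport> -> <dst>:<dport>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def audit(lines: List[str]) -> List[dict]:
    """Return the ACCEPTed flows that the zone policy says should not exist.

    Each hit means the ruleset has drifted from the intended segmentation,
    or that a path around the firewall exists.  DROPs are ignored: those are
    the firewall doing its job.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["action"] != "ACCEPT":
            continue
        dport = int(m["dport"])
        if not is_permitted(m["src"], m["dst"], m["proto"], dport):
            findings.append({
                "ts": m["ts"], "src": m["src"], "dst": m["dst"],
                "proto": m["proto"], "dport": dport,
                "path": f"{zone_of(m['src'])} -> {zone_of(m['dst'])}",
            })
    return findings

# Constructed sample log, not captured from any real site.
SAMPLE_LOG = [
    "2012-11-27T09:58:01Z ACCEPT tcp 10.10.4.15:50122 -> 10.20.0.10:22",        # admin -> jump host
    "2012-11-27T09:58:40Z ACCEPT tcp 10.20.0.10:41200 -> 192.168.100.50:22",    # jump host -> eng workstation
    "2012-11-27T10:02:11Z ACCEPT tcp 10.10.4.15:51234 -> 192.168.100.7:502",    # corporate PC straight to a PLC (Modbus)
    "2012-11-27T10:05:33Z DROP   tcp 10.10.7.9:44321 -> 192.168.100.7:102",     # blocked, as it should be
    "2012-11-27T10:07:02Z ACCEPT tcp 192.168.100.50:33001 -> 10.20.0.20:5432",  # historian replication
    "2012-11-27T10:09:45Z ACCEPT udp 192.168.100.50:5353 -> 10.10.4.15:53",     # control host talking out to corporate
    "2012-11-27T10:11:00Z ACCEPT tcp 192.168.100.7:1025 -> 192.168.100.50:502", # intra-control, fine
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['ts']} {f['path']}: {f['src']} -> {f['dst']} {f['proto']}/{f['dport']}")
```

Run against the sample log it reports two flows: the corporate PC reaching a PLC on Modbus/TCP without ever touching the DMZ, and a control-zone host initiating UDP out to the corporate network. The design choice worth copying is that the policy is written as zone-to-zone rules with a default deny and no enterprise-to-control rule at all, so the audit cannot be satisfied by "the firewall allowed it"; it has to be satisfied by the architecture.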

  3. firewalls! by pointyhat · Score: 4, Informative

    Everyone knows about the holes, including the manufacturers. They're designed to operate on controlled, private networks. Every time someone gets hacked, they should go after the implementors, not the vendors, as they should factor security into their site designs. I'm not excusing the manufacturers, it's just that people need to know this is engineering and not infosec - people buy black boxes which do stuff and that's all that matters to them.

    1. Re:firewalls! by tlhIngan · Score: 5, Insightful

      Everyone knows about the holes, including the manufacturers. They're designed to operate on controlled, private networks. Every time someone gets hacked, they should go after the implementors, not the vendors, as they should factor security into their site designs. I'm not excusing the manufacturers, it's just that people need to know this is engineering and not infosec - people buy black boxes which do stuff and that's all that matters to them.

      The problem is even airgapped networks can be broken into. See stuxnet and flame - they exploited several mechanisms to install themselves onto airgapped networks. It also went to show that even airgaps can be broken into if you don't need much in the way of return information - you just need to get onto the network, and not send data back out. Heck, the USAF had their UAV computers infected with a virus.

      The weakest part of an airgapped network is the maintenance thereof - add some new PLCs to the network? Well, they have to be configured to work with everything else, so someone has to plug something into it to configure it. And that something is unknown - it could be a technician's laptop, it could be a thumb drive, etc.

      The thing is, an airgapped network has to be maintained, and it's really hard to do so without at some point having to plug something in-between the gap. (For Stuxnet, it was a software update or other thing, for the USAF, it was... map updates). And at some point, data has to be transported across

      Heck, even the thumbdrive isn't invulnerable - it could for example be infected during manufacturing.

      In the end, all networks are interconnected. Some less so than others, but eventually they will have to be in some shape or form.

  4. Re:WTF is SCADA then? by RobbieCrash · Score: 5, Funny

    Where's the lazy editing? It's not like this is the first SCADA story on /.. Are we going to start defining every non-everyday term in a summary?

    "Researchers have identified a hole (an overlooked security concern) in the TCP (Transmission Control Protocol a system of information transmission that aids in reliable data transfer) layer (a metaphorical layer in a sandwich of other layers each of which pertain to certain elements of the network stack (the combination of hardware (physical parts of a computer) and software (the computer code that resides on a computer's storage that makes up a computer program) that allow a computer to /talk/ to another computer over a network)) of Windows (a computer operating system (a complex computer program that coordinates and translates software requests into hardware actions))."

    --
    Keep on knockin'
    https://robbiecrash.me
  5. Re:"Industrial Use" doesn't mean what you think by mcl630 · Score: 4, Insightful

    Nothing in your rant has anything to do with SCADA.