Hackers Gain "Full Control" of Critical SCADA Systems

mask.of.sanity writes "Researchers have found holes in industrial control systems that they say grant full control of systems running energy, chemical and transportation systems. They also identified more than 150 zero day vulnerabilities of varying degrees of severity affecting the control systems and some 60,000 industrial control system devices exposed to the public internet."

i hope people with SCADA systems learned.

[Gravis+Zero]

do NOT connect SCADA systems to the internet.

Some of them expose to the internet via VNC...

[M0HCN]

At 30C3 someone ran a portscan on the VNC port of the entire IPv4 internet, with 'interesting' results, highlights of which included a swimming pool chemical dosing control system, various power generation and control systems, building environmental control systems, air handlers, all sorts of wild and whacky things, some of them lacking in even the rudiments of passwords never mind proper crypto....

The best one looked to me like a medium voltage distribution cabinet where the setpoints on the overload trips looked like they could be reconfigured from the internet!

Ahh the things you can do in reasonable time with a 100Gb/s of bandwidth, the rsulting slides at the closing event (which is where I ran across it) were very, very scary.

SCADA on the internet is a really, really bad thing.

73 M0HCN. :wq

Re:These issues have been flagged for 10 years

It's not about sympathy, it's about the effective destruction of our entire infrastructure without dropping a single bomb. The first sign that China or Russia is at war with us will be all our utilities and factories going dark. This is everyone's concern.