Slashdot Mirror


Hackers Could Blow Up Factories Using Smartphone Apps (technologyreview.com)

An anonymous reader quotes a report from MIT Technology Review: Two security researchers, Alexander Bolshev of IOActive and Ivan Yushkevich of Embedi, spent last year examining 34 apps from companies including Siemens and Schneider Electric. They found a total of 147 security holes in the apps, which were chosen at random from the Google Play Store. Bolshev declined to say which companies were the worst offenders or reveal the flaws in specific apps, but he said only two of the 34 had none at all. Some of the vulnerabilities the researchers discovered would allow hackers to interfere with data flowing between an app and the machine or process it's linked to. So an engineer could be tricked into thinking that, say, a machine is running at a safe temperature when in fact it's overheating. Another flaw would let attackers insert malicious code on a mobile device so that it issues rogue commands to servers controlling many machines. It's not hard to imagine this causing mayhem on an assembly line or explosions in an oil refinery. The researchers say they haven't looked at whether any of the flaws has actually been exploited. Before publishing their findings, they contacted the companies whose apps had flaws in them. Some have already fixed the holes; many have yet to respond.

125 comments

  1. FUD by Anonymous Coward · · Score: 5, Insightful

    Oh look, it's the hackers can bomb you with your own computer headline again.
    This time featuring smartphones and apps oh boy that changes everything!

    1. Re:FUD by hey! · · Score: 2

      Well, factories are full of stuff that can kill people and controlling those things with something an operator might treat as a personal device certainly increases the attack surface.

      So maybe we're not talking about new possibilities here, but we may be talking about a new set of probabilities.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re:FUD by Anonymous Coward · · Score: 0

      But why bother when a dump truck bomb would work so much better?

    3. Re: FUD by Anonymous Coward · · Score: 0

      Because civilized nations use covert operations to make it look like an accident. Dump truck bombs make you look inept to the other world powers.

    4. Re:FUD by hey! · · Score: 1

      Oh, come now. You can't figure out why a *remote attack* that can be executed against a virtually limitless number of targets using their own facilities and leaving no forensic trail back to you might not be just a teensy bit preferable to a truck bomb?

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    5. Re:FUD by Darinbob · · Score: 3, Insightful

      Why would any important system be controlled by a smartphone app anyway, that's just dumb. And why would these apps be put on Google Play for the public to see? No operator is going to use an app to control machinery, instead they're going to look at the dials, use an official computer on-site, and so forth. Maybe in the IT world the sysadmin works from home, but in any mission critical application the workers are always on site.

      Any apps used are likely for field service workers to get a quick update (what jobs are left to do, verify that changes are being propagated before packing up, etc). Even then, have you tried using a smartphone or tablet while wearing safety gloves?

      It would be nice to see some examples of the kind of apps that are being used this way in the article.

    6. Re:FUD by AHuxley · · Score: 0

      The new cyber command funding will allow the NSA and GCHQ to follow any forensic trail back to any computer anywhere in real time.

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:FUD by coracle_india · · Score: 0

      Google Play Store also checks for the breaches in the applications hosted on it. Go through this link to know more. ==> http://www.coracle.in/

    8. Re: FUD by mugurel · · Score: 1, Funny

      Dump truck bombs make you look inept to the other world powers.

      In a way, you are saying that using Dump trucks makes you look like Trump. <ducks/>

    9. Re:FUD by TheDarkMaster · · Score: 1, Insightful

      Yep, FUD. Any half-engineer puts electrical and mechanical limits to prevent multi-million dollar equipment from doing things that they should not, even when the electronics (the computer) try to give orders to do so. This is the fault of those ridiculous Hollywood movies that try to pass the retarded idea that a scriptkiddie with a computer can control anything.

      --
      Religion: The greatest weapon of mass destruction of all time
    10. Re:FUD by johnsie · · Score: 3, Informative

      Actually... I know of several energy companies whose generators and intake valves are controlled by PLCs. Those PLCs are on the same network as PCs (bad practice I know). Technically it would be possible for a hacker to use an infected computer as a stepping stone to controlling the valves and generators. This would let a hacker completely destroy the generator and a lot of equipment the generator is hooked up to.

    11. Re:FUD by thegarbz · · Score: 2

      Factories are full of stuff that can kill people, and preventing them from killing people has nothing to do with controlling them, and everything to do with independent safety mechanisms.

      Any modern plant maintained to any HSE or OSHA minimum standards would allow the control system to do whatever the hell it wants without blowing something up or killing anyone.

      Sure there's a shutdown risk, but the major risks should be controlled in a way independent of something someone at a console could do.

    12. Re:FUD by Anonymous Coward · · Score: 2, Interesting

      While you're correct, I would point out that it *is* a direction which several separate things are actively *attempting* to move us towards.

      On one side you've got businesses who will cut costs at any opportunity, and only ever keep the bare minimum of safety the law mandates - or lie about having it as we may recall with the BP spill among other incidents. The more that can be done from across the globe with the less workers possible, the better. As long as it can be someone else's fault when everything goes wrong, let the profits fly.

      On another side you've also got the companies making and offering the various apps and hardware, most of whom adore planned obsolescence (France is going after Apple over this), and many of whom would love for you to be merely "renting the right to utilize" their stuff under increasingly arcane "terms of service". Like the first lot they're big on trying to deregulate the stuff that's keeping "blow your computer up from afar" from being allowed (right now that would mean you sold them disguised bombs and then triggered the detonators, which would make you terrorists).

      After that you've got all those US agencies who salivate at the thought of kill-switches in cars, 'self-destructs' and all sorts of other additions to remote/control processes that anyone would have to be a colossal idiot - or gravely compromised - to ever think would be a good thing to implement. They also enjoy industrial espionage.

      And then you've got these vague nebulous "hackers" who may simply be curious about the security or who may want to load the printing presses up with page upon page of their dick-pics. Or perhaps they're with the second side trying to set up a false-flag, or with the first bunch and trying to get insurance money.

      Problem is, while it was complete fiction for a long time, and is still mostly just bull, it *is* critical to realize that there are a disturbing number of both groups and individuals for whom being able to explode computers from afar is not only a wonderful idea, but something to invest in ensuring. We need to make sure that this stuff stays bullshit, because

    13. Re:FUD by Anonymous Coward · · Score: 0

      One teensy little problem though: They're always going to magically be not at fault when they investigate themselves for doing it.

    14. Re:FUD by aaarrrgggh · · Score: 1

      Raw access to writing back-end registers would seem like an extremely odd design choice to be sure. There are apps that can initiate pre-programmed sequences (with safety interlocks handled upstream), adjust setpoints (with range checking still handled upstream), and pull telemetry and production data.

      I can see how you could be a nuisance via tablet/smart phone app, but hopefully it would at least require a password. Re-programming safety checks though seems like terrible design.
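One way to implement the upstream checks this comment describes, as an added example that is not part of the original post or any vendor's code: a gateway that authenticates each app message, rejects replays, and lets through only telemetry reads, range-checked setpoints and named sequences. The tag names, limits, sequence names and message format are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Constructed policy for illustration: tag names, limits and sequence names are hypothetical.
SETPOINT_LIMITS = {"oven_temp_c": (20.0, 180.0), "line_speed_mpm": (0.0, 45.0)}
ALLOWED_SEQUENCES = {"start_batch", "controlled_stop"}
READABLE_TAGS = {"oven_temp_c", "line_speed_mpm", "units_produced"}


class CommandGateway:
    """Sits between the mobile app and the controller; the app is never trusted."""

    def __init__(self, device_keys):
        self.device_keys = device_keys   # device_id -> shared secret (bytes)
        self.last_counter = {}           # device_id -> highest counter accepted

    @staticmethod
    def sign(key, body):
        """HMAC-SHA256 over the canonical JSON of the body (what the app would send)."""
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(key, canonical, hashlib.sha256).hexdigest()

    def handle(self, message):
        """Return (accepted, reason). Only accepted commands go on to the controller."""
        body, tag = message.get("body"), message.get("tag")
        if not isinstance(body, dict) or not isinstance(tag, str):
            return False, "malformed"
        device_id = body.get("device_id")
        key = self.device_keys.get(device_id) if isinstance(device_id, str) else None
        if key is None:
            return False, "unknown device"
        # Integrity: a body altered in transit no longer matches its tag.
        if not hmac.compare_digest(self.sign(key, body).encode(), tag.encode()):
            return False, "bad tag"
        # Freshness: a captured message cannot be sent a second time.
        counter = body.get("counter")
        if type(counter) is not int or counter <= self.last_counter.get(device_id, -1):
            return False, "replayed or stale"
        self.last_counter[device_id] = counter
        return self._authorize(body)

    def _authorize(self, body):
        op = body.get("op")
        if op == "read":
            if body.get("tag_name") in READABLE_TAGS:
                return True, "ok"
            return False, "unknown tag"
        if op == "set":
            limits = SETPOINT_LIMITS.get(body.get("tag_name"))
            value = body.get("value")
            if limits is None or type(value) not in (int, float):
                return False, "unknown tag"
            # NaN fails both comparisons, so it is rejected here as well.
            if not (limits[0] <= value <= limits[1]):
                return False, "out of range"
            return True, "ok"
        if op == "sequence":
            if body.get("name") in ALLOWED_SEQUENCES:
                return True, "ok"
            return False, "unknown sequence"
        # Raw register writes, logic downloads and anything else are not exposed.
        return False, "operation not allowed"


if __name__ == "__main__":
    key = b"constructed-demo-key"        # constructed sample secret
    gw = CommandGateway({"tablet-7": key})
    body = {"device_id": "tablet-7", "counter": 1, "op": "set",
            "tag_name": "oven_temp_c", "value": 150.0}
    msg = {"body": body, "tag": CommandGateway.sign(key, body)}
    print(gw.handle(msg))                # first delivery
    print(gw.handle(msg))                # same message replayed
```

The range limits here are an operating envelope only; the interlocks and safety checks stay in the controller and safety system, which the gateway has no operation to modify.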

    15. Re:FUD by cascadingstylesheet · · Score: 1

      Oh look, it's the hackers can bomb you with your own computer headline again. This time featuring smartphones and apps oh boy that changes everything!

      That said, poor security and factory machines accepting commands from smartphone apps does sound like a rather bad idea.

    16. Re:FUD by Bob+the+Super+Hamste · · Score: 1

      Not all of it is FUD but it is likely fairly overblown. Remember there was this from 10 years ago where INL let the smoke out of an expensive generator. There is a lot more to the test that was not released to the general public but to those in the industry but it isn't entirely FUD. It also isn't surprising that companies want phone apps to interface with the factory floor devices because that kind of stupid shiny sells to MBA types.

      --
      Time to offend someone
    17. Re:FUD by Bob+the+Super+Hamste · · Score: 1

      I would say to report them to NERC if they are in the US or Canada.

      --
      Time to offend someone
    18. Re:FUD by AbrasiveCat · · Score: 1

      And "nasty" people can blow up factories using dogs! (but never cats, they are too lazy)

    19. Re:FUD by TheDarkMaster · · Score: 1

      I see you did not understand my point, right? It's okay, I understand that not everyone is aware of how heavy power equipment works in real life.

      The idea is that in a system that has a minimum of good sense at the time of design, you have layers of protection of different kinds that prevent a potentially catastrophic command from being executed, and you also design knowing that your control system may have problems and may try to execute exactly these commands that can be catastrophic. Then you put protections on the system that do not depend on each other and that can not be affected all at the same time, in particular when you put an electronic control on something you also have to put mechanical limits on what the electronics can do if they lose control, so that if the electronic control fails (or is deliberately sabotaged) it can not damage the equipment.

      Short version: Equipment which can "explode" because of ridiculous "superhackers" only happens in Hollywood or when you have a completely incompetent engineer, and I seriously doubt you're going to entrust a multi-thousand dollar rig to an incompetent engineer.

      --
      Religion: The greatest weapon of mass destruction of all time
    20. Re:FUD by TheDarkMaster · · Score: 1

      I have followed in person with great interest the operation of a power plant where PLCs are used to command heavy equipment. All the equipment had fail-safes in case the PLCs tried to send invalid or potentially destructive commands so the worst that a "Hollywood superhacker" could do would be to shut down the plant (without damage), and even that I believe would not work because the operators in place also had secondary independent controls in case the main (the PLCs) had problems.

      --
      Religion: The greatest weapon of mass destruction of all time
    21. Re:FUD by Bob+the+Super+Hamste · · Score: 2

      You would be surprised at the dumb shit I have seen in dealing with securing similar systems. Yes it is layer upon layer of security measures, or it should be. But far too often someone forgets about that ancient tape changer in storage room b-37 that is still connected, or some PHB decides that they want to be able to check in on machines and shut them down from their cellphone while at home.

      One of the problems with ICS systems and others like them is that they assume that the operator knows what they are doing as most of the time the people who are running these things do. The problem occurs when someone who isn't competent, or is malicious wants to do something else. Here the system may warn them before but will let them do it anyway, unless it was a known bad configuration when initially programmed but this often is far too big of a state space to program for. Yes there are mechanical limits put on the machine but that doesn't mean it isn't possible to create an unsafe set of settings as was done with the Aurora generator test where it was brought out of phase with the rest of the grid. Under normal operation that would have been impossible but by toggling things correctly it became possible to bring it out of phase. This took a bunch of very smart people to figure out the right sequence of events so while it isn't something that could be done easily it could be and with cellphone apps becomes more likely. That said of all the things to worry about this is very low on the list, unless it is your job, and instead would worry more about squirrels.

      Also you seem to have forgotten about the whole Stuxnet incident and other related and similar attacks. All of which were able to abuse equipment. Of course there was the attack against the Ukrainian power grid a little more than 2 years ago too. So I stand by my statement that very often this is overblown in the media who love spreading FUD, there is a nugget of truth hidden there and people who have to deal with these systems need to pay attention.

      --
      Time to offend someone
    22. Re:FUD by nnull · · Score: 2

      I don't know. But go to anyone hosting conferences for Siemens, Rockwell, etc. The big talk is about having things controlled with your smartphone app and being able to upload changes while sitting on a beach. Try to mention anything about the dangers of such a system and you get talked down to.

    23. Re:FUD by Anonymous Coward · · Score: 0

      "Could" - Yes, maybe if the other fail-safe mechanisms that are not controllable through the smartphone app also go out. Probably more than 3 if's in the chain that leads to explosions... That does usually mean FUD, I agree.

    24. Re:FUD by Anonymous Coward · · Score: 1

      Not quite true. The advent of cheap servos and encoders has made those limits programmable. I'm starting to see bad design decisions due to it, removing physical limit switches, etc. And if what you say was true, all the big CNC manufacturers wouldn't be replacing spindles all the time because someone made a mistake. There goes 30k for your beautiful Mori Seiki CNC because they still can't for some reason prevent crashing with modern tech.

      So yeah, anyone that really wanted to be nefarious can seriously damage someone's production equipment and cost them quite a bit of money or bankrupt them.

    25. Re:FUD by nnull · · Score: 1

      I'd like to know what fantasy world you live in where I have competent people designing such systems all the time. My auto-tie baler destroyed itself because the physical limit switch failed, brand new by the way from a very reputable manufacturer. It should have never happened, but it did.

      If what you stated is true, I wouldn't have half the problems I have with quite a lot of manufacturers. Point being, not everything is so cut and dry as you state and there are a whole lot of incompetent people building equipment now (Not including incompetent contractors). And yes, there is equipment being sold in the million dollar and up range that have such problems, especially if you're buying from Asia. Not saying there isn't well designed equipment, but a good chunk of designers are now negating common sense.

      Will machines explode? In most cases, probably not, but anyone with nefarious purposes could easily damage equipment that costs quite a lot of money to repair. But I think the more likely scenario is hackers locking out equipment for money. However, speaking of explosions, I can name you a couple companies that deal with Ethylene Oxide with some of the lousiest safety practices you could imagine. Any hacker could easily cause these plants to explode as their safety lockout is a button that signals a PLC to open a gate and keep another gate from opening to keep the LEL below 3% (One of them already blew up because a maintenance guy bypassed safety procedures by modifying the PLC). Open the gate at the wrong time and you end up going over the LEL and boom.

    26. Re:FUD by Rogue974 · · Score: 1

      I am a Controls Engineer, i.e. I maintain, code, spec, etc. systems like this. Not a programmer for the vendors who make the software, but end user at a plant using controls software and hardware to make things happen.

      The smartphone is not controlling anything, it is the window to look into the controls system to see what is happening.

      All of the major companies are designing applications that can do the same thing the operator interfaces do from a smart phone that is connected to the same network as the machines. Valve manufacturers are building applications into their valves that a valve can be controlled by a smart phone!

      Some facilities are perfectly fine doing things like this. The place I work, I tell the vendors no, do not want, will never want and if they build those into their equipment where I can't order without those options, I will disqualify them as a vendor. They have all said, yeah, so and so across the street said the same thing. I won't even let them have the options in and turned off by software because it could accidentally be turned on or hacked if they didn't secure it.

      I also have known of and work in plants where they don't care because they are making food stuff out of food raw ingredients and nothing will blow up. They worry about microbial contamination. Lots of other examples.

      Why would you want to be able to do things like this? I know some companies who have people like me that can remotely log into the controls system from anywhere in the world and make changes to their systems or run the system if need be. It is because they have a few experts on the system, the knowledge is not easily transferable so they want them to be able to have the ability to do those kinds of things at a moment's notice because a line down costs $10,000 an hour and it is worth the risk.

      So the vendors make the applications that are Operator Interface on the go and some people buy those and use those. I don't have any examples to show you exactly what they are because in my role at my company, part of my job is to say no we will not do that. I have seen them and they are really nice and convenient, but you have to ask is it worth the risk.

    27. Re:FUD by nnull · · Score: 1

      Give it time, the incompetence will sweep through power plants soon when all the older guys retire just like the rest of the industry.

    28. Re:FUD by nnull · · Score: 1

      And do what? Most inspectors don't have the knowledge to deal with this. Most inspectors will not ask what the hell the PLC is doing because they don't even know how a PLC works. Edison stole my transformer for my 4000Amp gear, reduced me to 2000kVA, so now I have a hot boiler outside. Utility commission doesn't care and the city is helpless about doing anything about it. Think NERC will be any different?

    29. Re:FUD by TheDarkMaster · · Score: 1

      It was not a fantasy world. I worked in a power plant and in this plant you do things right as I described or really, really bad things happen. And to be honest if the situations you described could not be avoided with failsafes then it means that the engineer who designed those failsafes did not know what he was doing, which then falls in the case of the "incompetent engineer" I have described.

      --
      Religion: The greatest weapon of mass destruction of all time
    30. Re:FUD by TheDarkMaster · · Score: 1

      Well... You and I would not put cheap servos and non-physical protections on an equipment that weighs several tons and costs easily over a million dollars, right? I know that many people do stupid things when designing safeguards on equipment but these are the incompetent engineers from my example.

      --
      Religion: The greatest weapon of mass destruction of all time
    31. Re:FUD by Monster_user · · Score: 1

      If ease of access and remote accessibility takes priority over safety when the dangers are to life and limb of employees, well whoever is pitching that needs to be talked down to. Bring proof and we'll get whoever is hosting these conferences shut down, and shut out of whatever business they are in entirely.

    32. Re:FUD by Rogue974 · · Score: 1

      Short version: Equipment which can "explode" because of ridiculous "superhackers" only happens in Hollywood or when you have a completely incompetent engineer, and I seriously doubt you're going to entrust a multi-thousand dollar rig to an incompetent engineer.

      I replied to another of your posts, but let me say again here:

      I am a controls engineer, do this for a living, know industry standards.

      Yes, you have layers of protection to prevent things from happening, but the electrical with a mechanical back up you seem to think is required is not correct. Having one system that does not affect another system is correct, but quite often both systems are electrical and both systems tie into the same controls network and if you can get to one and reprogram, you can get to the other.

      Quite often the mechanical things for protection are put in place for when the control system completely loses power and then the system has a back up safe state that requires no power, but if the controls system is in place and working, those mechanical limits don't matter.

      Think about your car. It can go from 0-120 mph, but isn't safe beyond 80 mph so they put in a software governor so the gas cuts out when you hit 80 mph. They could put in a mechanical limit as well, but it is more expensive, not required and you can't get to the software normally so they don't need to.

      I hack your car and remove that, you can now go 120. I hack your car and remove control of the steering and gas/brake and put the pedal down until 115 is reached and then cut the wheel. Even if there was a mechanical stop so I could not get past 80 mph, you want the car to be able to go 80 so I can still take control of the car and crash you at 80 mph.

      Controls systems are generally safe, have many layers of protection, but most of the things you think exist to stop the controls system from being able to make things go boom don't exist most of the time in most industries. Normally, it is the programmable systems that protect you.

    33. Re:FUD by Monster_user · · Score: 1

      An important system being controlled by a smartphone app isn't dumb. It is an option as long as the process is locked down and secure. If there is any desire to improve manageability and access then a smartphone app is a good thing. Now, important systems which contain sensitive financial/health/etc information or which affect risk to a person's health or life should not be accessible outside of trusted on-site users. Smart phone apps should not be allowed for these systems to avoid creating a bridge between the internal (company) and external (cellular) networks.

    34. Re:FUD by TheDarkMaster · · Score: 1

      No no, the mechanical protection I have described is of another type. There are several examples I can give but let's get one of the simple ones: Imagine some system where if the valve A is open then the valve B needs to be closed and vice versa, the valves MUST not open at the same time. In a normal situation you have a PLC deciding when to open and close the valves, but the valves contain a mechanical limiter such that when valve A opens the mechanism locks and prevents opening of valve B (and vice versa), then even if the PLC orders the two valves to open only one will be able to open because of mechanical blocking (this also exists for electric keys).

      --
      Religion: The greatest weapon of mass destruction of all time
    35. Re:FUD by nnull · · Score: 1

      "I worked in a power plant and in this plant you do things right as I described or really, really bad things happen."

      It'll come, don't worry. Our utility company here, Edison, is already full of growing incompetence. I already have an undersized transformer that glows in the dark supplying my service. Edison laid off a lot of important people, people that I've actually had the pleasure to study their work because they're the ones that wrote the book on anything medium to high voltage stuff.

      "And to be honest if the situations you described could not be avoided with failsafes then it means that the engineer who designed that failsafes did not know what he was doing, which then falls in the case of the "incompetent engineer" I have described."

      And sadly, this is becoming more common. As demand for cheaper equipment grows and no oversight for worker safety anymore because of costs, this is just going to increase exponentially. We already have some great examples of some huge accidents, like Deep Horizon. Utility companies are not immune.

    36. Re:FUD by Darinbob · · Score: 1

      I think there's a group of FUD people out there with regards to SCADA, smart grids, or even embedded systems in general. So we see these sorts of doom and gloom stories quite often that turn out to not have much to them except for the initial panic.

    37. Re:FUD by Rogue974 · · Score: 1

      No no, the mechanical protection I have described is of another type. There are several examples I can give but let's get one of the simple ones: Imagine some system where if the valve A is open then the valve B needs to be closed and vice versa, the valves MUST not open at the same time. In a normal situation you have a PLC deciding when to open and close the valves, but the valves contain a mechanical limiter such that when valve A opens the mechanism locks and prevents opening of valve B (and vice versa), then even if the PLC orders the two valves to open only one will be able to open because of mechanical blocking (this also exists for electric keys).

      Yes, those things exist and are used, but more often they are not used.

      Even if you use those kinds of mechanical limits, there are more scenarios than I can count where those are not practical or even possible and you can fire open 2 valves if you have access to the code and can blow stuff up, or vent something to atmosphere or overwhelm a Waste water treatment plant.

      When it comes down to it, most things in life are protected by the code of the systems, either process controls systems or safety instrumented systems. There are many ways you can secure systems, like the mechanical limits you mention, but it is all a matter of the risk analysis done and most times, it is in the code. If you have access to the code, all bets are off and you can do just about anything you want to the equipment.

    38. Re:FUD by mushero · · Score: 1

      Ah, yes & no - those protections you speak of are in the PLC and controller code, which may well be able to be changed via these apps or vulnerabilities exposed to or by these apps.

      Of course, we try to ensure no console/operator can blow things up, but they can do many bad things, like mix explosive chemicals, run at unsafe speeds/temps with various material mixtures, over-tension, etc. The control system can't know everything in complex systems.

      Plus lots of systems have manual modes and sequencing that depend on operator brains and skills, and perhaps maintenance modes.

      Having any Internet or phone connection to control systems boggles this old control engineer's mind; foolish in the extreme.

    39. Re:FUD by thegarbz · · Score: 1

      Ah, yes & no - those protections you speak of are in the PLC and controller code, which may well be able to be changed via these apps or vulnerabilities exposed to or by these apps.

      No and no. There's no safety systems vendor in the world that provides an "app" that can write to a safety system, and PLCs and controller codes are far from the only systems. Thermal protection for machines is often independent of safety and controllers, for electrical they sit in the electrical protection domain even for things like temperature. For pressure protection there are relief valves, and bursting discs. For flow protection we have check valves (which admittedly spend more time in a jammed state than anything useful). But fundamentally when analysing the risk on a site the primary scenario you take into account is the failure of the control system.

      like mix explosive chemicals

      So your safety system isn't configured correctly?

      run at unsafe speeds/temps with various material mixtures, over-tension, etc.

      Your overspeed protection is set incorrectly?

      The control system can't know everything in complex systems.

      It doesn't need to. In process in general there's a 100 ways to screw up a product but only a select few ways to kill people or properly blow something up. Those are typically clearly defined and easily identifiable.

      Plus lots of systems have manual modes and sequencing that depend on operator brains and skills,

      Anything an operator can manually do should not result in a major incident. Sequence aborted, yes, process shutdown, yes, maybe even minor equipment damage such as carrying catalyst to a place it shouldn't, yes. But anything that results in significant safety risks should have independent systems to ensure that during the sequence an incident can't eventuate.

      Now that is if you're compliant with risk assessment processes. Clearly there are plenty that are not, e.g. on the Chemical Safety Board's website the very first article is about operators manually mixing two chemicals by hooking up to the wrong line which wasn't clearly identified and valves weren't lined up correctly and no interlocks were in place. From my comment I wouldn't consider this as maintained to minimum standards from the HSE (and likely OSHA too) since this risk was either not understood, or almost criminally not mitigated.

      and perhaps maintenance modes.

      Now we're talking! This is actually the single largest cause of incidents in the west. Mismanagement of abnormal operating conditions. Failure to do management of change, failure to risk assess, failure to identify changes in the plant operation, failure to manage bypasses etc. The vast majority of our leaks, fires, explosions, etc are all caused by someone making a physical change to the process or removing (or not replacing) one of the safety barriers.

      Anyone who suggests this should be possible from some app, or at the press of a button should have their pubic hair individually plucked. Yes I agree with you the idea to turn everything into a fucking app is horrible. :-)

    40. Re:FUD by MoralCharacter · · Score: 1

      While the article doesn't give exact details on what apps they looked at, the category seems to be 'Industrial equipment control apps'. This could mean a lot of things - these could be apps that just act as a remote control interface to a machine unable to cause the machine to act unsafely.

      ...Or it could be an app used to update/program the machine's firmware... in which case all bets are off when you can inject what you want into the brains of the machine if any of its safety features are dependent on settings from the board. Current thresholds, temperature thresholds...

      Look at the increasing popularity of industrial robots. A lot of their safety features are largely dependent on their programming - sensor readings/responses, movement ranges, even the series of motor movements performed in an action could be altered by a compromised update utility in an app. You don't even need to tamper with these things for them to be highly dangerous and lethal to people who get in their range.

      Yes, mobile apps are being used to program hardware. I just recently released an app that can update the main board's firmware of our company's equipment over Bluetooth or USB. It's entirely feasible to do this with any kind of re-programmable hardware designed with the feature in mind.

  2. That's nothing! by Anonymous Coward · · Score: 0

    My dumbphone can blow up a factory with a mere SMS message.
    All I need is some C4 and a remote trigger.

    1. Re:That's nothing! by Anonymous Coward · · Score: 0

      Why do you trolls always threaten anal sex? A little curious, are ya?

    2. Re:That's nothing! by Anonymous Coward · · Score: 0

      I’m gay and I loooooooove fucking asses.

  3. Blow up an oil refinery? by Anonymous Coward · · Score: 2, Informative

    OK let's say you have enough knowledge to do this remotely. Even if you can manipulate process automation through a smartphone app, it's a sure bet you can't change most of the limits or permissives. There are specific reasons why process and power are designed to prevent this and covered by ASME or API codes. It's not random or arbitrary design. And while there are industrial accidents they are usually a chain of multiple failures or unforeseen problems in the design no one anticipated.

    This article is FUD. You may be able to trip the plant or shut down production, but unlikely to cause a malfunction that results in a catastrophe.

    A few people shot out some PG&E transformer oil reservoirs in California a while back. It tripped the substation, and PG&E routed around it. That is more likely than a hacker gaining enough knowledge to cause damage remotely.

    1. Re:Blow up an oil refinery? by Anonymous Coward · · Score: 1

      You have no idea how insecure some industrial systems are. I remember having found unauthenticated remote administration modems directly connected to industrial production robots when on a pentest project. You could do a lot of bad stuff with such an access - kill the machine or even the operator, if you are lucky (or not). Granted, this was some 10 years ago, but I doubt the situation is much different today, as you don't replace industrial systems that frequently. The systems I was testing were from the 80's, and that was in 200x.

  4. Only works on factories run by morons by Anonymous Coward · · Score: 2, Informative

    1st rule of internet security: Only hook something to the net if it must be hooked to the net to do its job.
    2nd rule of internet security: If a system is hooked to the net to allow monitoring, make it only capable of transmitting onto the net, and not receiving from the net.
    3rd rule of internet security: Do not hire morons who will plug a memory stick into a unit that's not on the net, after that stick has been in a unit that is on the net.
    4th rule of internet security: Disable any wireless connectivity on systems you are not intentionally hooking to the net.
    5th rule of internet security: Do not hire anybody who would violate the preceding four rules.

    If your CEO is a moron he/she will make it less than a fireable offense to violate any of the above, and then your company deserves to have its factories explode.

    1. Re:Only works on factories run by morons by Reverend+Green · · Score: 4, Insightful

      Organizations that blame their security issues on "morons" are unlikely to develop an effective security posture.

    2. Re:Only works on factories run by morons by AHuxley · · Score: 2, Interesting

      Re Only hook something to the net if it must be hooked to the net to do its job.

      But that would need more workers on site. They will fully unionize over the long shifts and demand a "living wage".
      The idea of hooking something to the net was so one trusted engineer could do the jobs of many on site workers.
      Without the internet local workers would have to be hired on site again and they will unionize.

      Re Do not hire morons who will plug a memory stick into a unit that's not on the net, after that stick has been in a unit that is on the net.

      That moron was the trusted engineer who found a memory stick on site and who was attempting to see who was walking out with company files.

      Re Disable any wireless connectivity on systems you are not intentionally hooking to the net.

      Why have a physical network all around a site when a wireless network will do? That's some savings all over the site and the engineer has real time networking. No network to build in difficult places.

      Re Do not hire anybody who would violate the preceding four rules.

      But they have to be politically correct and virtue signal. The publicity photos have to have the correct optics.
      Unskilled people who are not loyal to the USA have to be given jobs too. The federal gov knows if any company is not hiring the politically correct ratio of unskilled people.
      A failed security clearance cannot stop an unskilled person from being considered equally for a job needing a security clearance.

      The CEOs have a lot of things to consider. The needs of the engineer to keep the production line working. To stop their workforce from falling under the spell of a union again. To not waste profits when a wireless network is ok.
      To hire the correct ratio of unskilled people to avoid the federal government asking questions about hiring practices.
      Security is just another consideration on a list of political and spending problems.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Only works on factories run by morons by Darinbob · · Score: 2

      By "moron" this means the people creating the security procedures, or the workers who refused to take the proper training. The solution is to fire those workers. Ie, the poster did not mean you should blame the workers who are morons, but meant that essentially no company is being this stupid unless it's actually being run by morons. In that case, you can blame the morons who are running the company.

    4. Re:Only works on factories run by morons by aaarrrgggh · · Score: 1

      The wireless access is provided to address real-world problems, start-up/commissioning are the most common from the manufacturer/OEM side, giving status and supply level data to floor managers, and eliminating the need for everything to be controlled from the control room.

      These things all increase attack surface, but they are ultimately part of running a lean operation, so they are here to stay.

  5. Internet connected things have internet problems by Anonymous Coward · · Score: 0

    Unplug the things that you can't afford problems with, you fucking convenience salesmen.

  6. Red Storm Rising by b0s0z0ku · · Score: 0

    Anyone remember the oil refinery scene at the beginning of Red Storm Rising? Now the fundie engineer doesn't even have to go near the refinery to cause chaos.

    1. Re:Red Storm Rising by K.+S.+Kyosuke · · Score: 1

      But then you have to blow yourself up on your own at home... Where's the fun in that? (Shut up, Khomeini! I wasn't asking you)

      --
      Ezekiel 23:20
  7. In the 1980's by AHuxley · · Score: 3, Funny

    Some nice fictional movie script could go like this:
    Someone preppy who is photogenic has a modem and a new computer.
    They had the phone number of their local power plant.
    They created a script to dial every extension and only keep the number of any phone number extension that responded to a modem.
    A day later they got a direct line to a modem in the power plant and could interact in computer ways with the local power company...
    Black helicopters, federal law enforcement in suits swarm the local town looking for the computer owner.
    In 2018 the movie has to have an app. The messages to and from the power plant are now all on social media and have a pretty GUI.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:In the 1980's by Anonymous Coward · · Score: 0

      We have a holiday today! We are updated to be better for our users. I want you to be happy with a cup of coffee with us voiptimecloud.com

  8. Here's something to worry about by schematix · · Score: 4, Interesting

    Security in automation controls is an absolute joke. In the world of Rockwell Automation (if you're not familiar, roughly 70% of the US automation market), with network access to a single device anywhere on the automation network, you can go in and upload a controller's entire program and see the full source. Their only 'security' is easily bypassed by a program on sf. Once you have said program, there is nothing, literally nothing, stopping you from changing the program logic to do whatever you want. If you like you can even make temporary 'test' changes until poop hits the fan, then cancel them, returning things to normal. There's no logging of any of these changes and no security to prevent you from doing it. This is scarier than Meltdown/Spectre and I'm utterly amazed we haven't seen more disasters due to the simplicity of access and modifying these systems.

    --
    Scott
    1. Re: Here's something to worry about by Anonymous Coward · · Score: 0

      If the access required for uploading new firmware is physical, risk is low. If all that is required is an app on any smartphone, risk is high. This probably falls somewhere in between, however, the article is talking about flaws and vulnerabilities in the software; which doesn't build confidence.

    2. Re: Here's something to worry about by schematix · · Score: 2

      Most of these systems are highly networked. Frequently they are linked to business networks for data collection. It's usually only 1 or 2 hops off the general internet. A system I am very familiar with has publicly routable IPv4 IP addresses going into the main control rack for all of their process systems. The only thing preventing access is a firewall. But even then, if you get into the business network, it's all wide open. Don't get me wrong, there is a lot of security, but it's also connected and one hop away from being wide open.

      --
      Scott
    3. Re:Here's something to worry about by nnull · · Score: 1

      The sabotages are already happening. It doesn't get reported. I've already witnessed it at customer plants. It's going to get worse. Siemens and Allen Bradley are by far the worst in security. And of course, everyone now has to load teamviewer on every HMI with a static password and ID to offer support, to punch through firewalls.

    4. Re:Here's something to worry about by rkordmaa · · Score: 1

      Anything dangerous has hardware failsafes. If you didn't have that the programmers would blow up the factory by accident, no hackers needed. Plus you can't get access over internet, if you could the viruses would have gotten there first, all industrial automation runs outdated windows, no updates ever. To actually mess with industrial automation instead of just faulting it out as any random virus could, you need to be on the level of Stuxnet creators and have your personal spy agency to do the homework on the machinery for you.

    5. Re: Here's something to worry about by rkordmaa · · Score: 2

      Yeah... that factory is just an operator looking at a porn site away from shutdown, hard lesson to learn, but you'll cut the cord when it happens, restore the machines and continue. It's not the hacker you need to fear, but just the regular old viruses that try to sell you penile enlargement pills and crash everything while they are at it.
      Question, when did you last stop the production in order to apply windows updates? What's that I hear, never in the last 10 years?

    6. Re: Here's something to worry about by Anonymous Coward · · Score: 0

      I used to work for a national sports league franchise in their arena. Lots of what you describe, and also, you are correct in your assessment of how unsecure those Rockwell systems are. Because they were a PCI compliant business/franchise, they took management of their financial data and transactions much more seriously than they did their automation/hvac/powerplant, etc systems.

    7. Re: Here's something to worry about by Anonymous Coward · · Score: 0

      Or just

    8. Re:Here's something to worry about by Anonymous Coward · · Score: 0

      Apart from the physical Run/Program key on the PLC of course which in normal operations is set to run and stops any changes to the PLC code.

    9. Re:Here's something to worry about by Anonymous Coward · · Score: 0

      You obviously haven't worked in an industrial automation setting my friend. I have, spent 6 years on factory floors setting up automated manufacturing for food production, bottling, paper manufacturing, etc.
      You want proof? I'll give you two examples, and these were accidents, not deliberate (which could have been a whole lot worse):
      1. Peanut butter: you have to heat this stuff to 80C and push it through pipes at 150 PSI. Well, some numbnuts newbie engineer working for me didn't check his process code, and shut a valve that should have stayed open. A pipe seam popped under the pressure, and spit highly viscous 80C peanut butter 100 feet through the air and across the plant area before splattering on a wall. Imagine if there had been a person in the way. The poor slob would have been in agony until he either died of shock or made it to the hospital with 3rd degree burns.
      2. Paper machining. If you've never seen a paper roller, it's a sight. Imagine a 40' long, 6' wide roller humming along at 3600 RPM. When in operation, the room it's in (the size of two football fields side by side) has an ambient noise level of 125 dB. Without hearing protection, you can go deaf in minutes, but I digress. Again, in my experience, an operator upstream from the roller (meaning before the paper hits the roller), made a big mistake and started a maintenance cycle too soon without checking. Result: the paper hitting the roller didn't have the right properties, and caused an emergency shutdown of the roller. Any idea how long it takes to shut down that big of a roller safely? 15 mins. Any idea how long to start it up again? 30 mins. Economic "damage" to the company for this screwup: in the 6 digits, easy.
      In Short: there are many many many ways to bypass said "mechanical" safeties to cause mayhem, not just physical, but economic. The fact that Allen Bradley, Siemens, et al don't have security baked into their products only makes it that much easier for threats to make it in. It's hard enough with the people who are supposed to be doing it right (engineers and operators) then you have to factor in crazies or deliberate saboteurs who aren't blocked because security is non existent in the products.

      So unless you're in the business and have experience in actual operations, reserve your judgement next time.

  9. no longer a threat by Reverend+Green · · Score: 1, Insightful

    Phewww - that was close! But thanks to the diligent bi-partisan efforts of our legislators and the brilliant patriotic leadership of our businesspersons, the United States is safe from this threat. We have no factories left for anyone to blow up.

    1. Re:no longer a threat by rtb61 · · Score: 3, Interesting

      Of course if you were going to be that destructive, much safer to drive around in a white diesel van with a PTO and an electromagnetic pulse generator and simply cause widespread chaos on the move. Pretty hard to track you down, as all the tracking systems and agencies go down and you are only noticeable by the fact you are still moving, whilst everything else is coming to a halt with the damage and impact tied to the power output of your EMP device and how many kilometres you can travel with it pulsing away. Don't do this, it would be bad, seriously but you know where this is going been said again and again. When governments hack governments, the next step is EMP attacks, it is inevitable that it will escalate to this and you can bet corporations will attack corporations, billions at stake.

      --
      Chaos - everything, everywhere, everywhen
    2. Re: no longer a threat by Jesus+H+Rolle · · Score: 1

      Wouldn't the first EMP disable the vehicle? It's like a serial suicide bomber.

    3. Re: no longer a threat by Jesus+H+Rolle · · Score: 1

      Oh, diesel. Maybe if it was old enough.

    4. Re: no longer a threat by l20502 · · Score: 2

      I'd say cars stopping all around the truck and trapping it/blocking streets would quickly end this plan.

  10. Internet and intranet access should not mix by Pinky's+Brain · · Score: 2

    If you allow remote access to factory systems with anything else but special purpose laptops with hardware VPN and zero Internet access, you're doing it wrong. Any data crossing from internet to intranet should require red tape, any software mountains of red tape (all on physically archived paper). Any data from intranet to internet should be across busses verified to be strictly unidirectional (ie. not tcp/ip with some ungodly complex stack written in C).

    Almost everyone is doing it wrong ... the only place you should BYOD is the unemployment line.

    1. Re:Internet and intranet access should not mix by AHuxley · · Score: 4, Interesting

      Re "Any data crossing between from internet to intranet should require red tape"
      East Germany faced just that problem. One day a trusted member of staff walked out with a list of East German spies in other nations.
      Before creating new trusted spy networks with new names something had to be done to prevent a list of spies ever walking out again.
      Details about mission, the spy codename, the real identity got split up into very different physical files kept separated.
      Nobody could ever put the real name to the results of a mission without mountains of red tape to walk each file together and see a person's name linked to a mission.
      East Germany then went digital.
      The East Germans thought it would be good to have a full list that could be accessed if spies had to be given new missions very quickly.
      The CIA walked out with the list of all their spies.
      The same was used for NSA compartmentalization until the political rush for private sector contractors resulted in walk outs.
      The storing of some US gov/mil/contractors/workers information, clearance levels, past work, mission history, lifestyles in plain text on internet facing computers.
      Political parties who have trusted staff walk unencrypted data to the waiting media.
      So much is done to save time, for politics, for cost savings that later results in vast amounts of data walking.
      No apps needed as everything is in plain text as that's how it's been used everyday.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Internet and intranet access should not mix by Anonymous Coward · · Score: 1

      I was developing an experimental medical monitoring device; we couldn't legally use anything electrically connected on a patient without FDA approval, and we couldn't get FDA approval without patient testing.

      The standard approach in such situations is to send the data over unidirectional fibre optics from the device to the data logger (a laptop in this case). Physically impossible to send anything back along that connection with the hardware we were using; the transmitter had no ability to receive signals and the receiver had no light source. If you NEED your industrial control system to output data, that's how to do it.
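
With no return path, the receiver on a link like the one described above can never acknowledge a frame or ask for a resend, so the framing itself has to expose loss and corruption. An added sketch of that, not the commenter's code: the frame layout, the `OWT1` magic value, the repeat count and the sample readings are all assumptions made for illustration.

```python
import struct
import zlib

# Assumed frame layout: magic | sequence (u32) | payload length (u16) | payload | CRC32
MAGIC = b"OWT1"
HEADER = struct.Struct(">4sIH")
TRAILER = struct.Struct(">I")


def encode_frame(seq, payload):
    """Build one self-describing frame; the CRC covers header and payload."""
    head = HEADER.pack(MAGIC, seq, len(payload))
    return head + payload + TRAILER.pack(zlib.crc32(head + payload))


def decode_frame(datagram):
    """Return (seq, payload), or None if the frame is truncated or corrupt."""
    if len(datagram) < HEADER.size + TRAILER.size:
        return None
    magic, seq, length = HEADER.unpack_from(datagram)
    if magic != MAGIC or len(datagram) != HEADER.size + length + TRAILER.size:
        return None
    (crc,) = TRAILER.unpack_from(datagram, len(datagram) - TRAILER.size)
    if zlib.crc32(datagram[:-TRAILER.size]) != crc:
        return None
    return seq, datagram[HEADER.size:-TRAILER.size]


def send_all(readings, repeat=2):
    """Sender side: transmit every frame `repeat` times, since nothing can be
    resent on request. Returns the datagrams in transmission order."""
    out = []
    for seq, reading in enumerate(readings):
        out.extend([encode_frame(seq, reading)] * repeat)
    return out


class Receiver:
    """Receive-only logger: keeps good records, counts rejects, records gaps.
    Sequence wrap-around is not handled in this sketch."""

    def __init__(self):
        self.next_seq = 0
        self.records = []   # (seq, payload) accepted in order
        self.gaps = []      # (first_missing, last_missing), inclusive
        self.rejected = 0   # frames that failed the length or CRC check

    def feed(self, datagram):
        frame = decode_frame(datagram)
        if frame is None:
            self.rejected += 1
            return
        seq, payload = frame
        if seq < self.next_seq:
            return  # redundant copy of a frame already logged
        if seq > self.next_seq:
            # Cannot request a resend: record the hole so the loss is visible.
            self.gaps.append((self.next_seq, seq - 1))
        self.records.append((seq, payload))
        self.next_seq = seq + 1


def simulate_lossy_link():
    """Constructed scenario: both copies of frame 2 are lost and the first
    copy of frame 3 arrives with one byte damaged."""
    readings = [b"hr=61", b"hr=62", b"hr=64", b"hr=63", b"hr=62"]  # constructed
    wire = send_all(readings)
    damaged = bytearray(wire[6])
    damaged[HEADER.size] ^= 0xFF          # flip bits in the payload of frame 3
    wire[6] = bytes(damaged)
    del wire[4:6]                         # drop both copies of frame 2
    rx = Receiver()
    for datagram in wire:
        rx.feed(datagram)
    return rx


if __name__ == "__main__":
    rx = simulate_lossy_link()
    print("logged:", rx.records)
    print("gaps:", rx.gaps, "rejected:", rx.rejected)
```

The CRC here only catches accidental corruption on the fibre; it is not an authentication tag.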

    3. Re:Internet and intranet access should not mix by rastos1 · · Score: 1

      Was it, by any chance, called a NOC list?

    4. Re:Internet and intranet access should not mix by AHuxley · · Score: 1

      East Germany lost its actual spy contact lists. Names, locations, everything needed to find the person in another nation quickly and contact them.

      The US stored some of its workers, contractors, some gov/mil background information in plain text on internet facing networks.
      That copy kept in plain text, copied out onto the internet gave away all information about some workers' lives, some work within the US gov/mil. The skills set they had. Any past lifestyle issues with say gambling, healthcare, past legal issues. The quality of interviews done to grant them some security clearance.

      Re the NOC list. All the names that are not on the copied files but work for the US/gov mil kind of put a different list together.
      The US kept its non-official cover much more private and totally secure but a simple comparison of actual staff working and the copied plain text database would give another skilled nation a list to guess from.

      Don't keep interesting data in plain text, on networks that can be seen from the internet. Keeping an investigation open to watch what interesting people do as the data is being copied out still results in the data being copied out.

      --
      Domestic spying is now "Benign Information Gathering"
  11. Exploit them by Gravis+Zero · · Score: 2

    The only way we are going to see any change in the industry is if it starts costing them money because simply continually cleaning up the messes of careless companies isn't going to change their attitude toward security. The reality is that you are actually enabling them to continue on with their poor security practices.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Exploit them by nnull · · Score: 1

      Unfortunately, there are still too few people interested in exploiting such companies. I'm pretty sure it will come. Crypt locking machines seems like it could be a very lucrative business.

    2. Re:Exploit them by Anonymous Coward · · Score: 0

      Huh? Crypt locking a plant/utilities computer only means that they have to load the backup. They will lose 0-24 hours of data, that's about it. It would be foolish for them to be extortionists any amount of money for those 0-24 hours worth of data since it would only leave them open for more attacks.

  12. oh no! you stopped the conveyor line~ by Anonymous Coward · · Score: 0

    I don't know what you're really getting at.

    So you broke a conveyor line, so then the workers are going to just use pallet jacks to manually shuttle things around the floor.
    So you broke a machine, oh, we'll just truck everything to the other plant.
    So you broke the plastic wrapper, oh well, we'll just have to manually wrap the pallets in plastic.
    So you broke the automatic labeler, oh well, we'll just have somebody manually label the product.
    So you break all of these things at once... okay, now we'd better start an investigation for prison time and/or hefty fines.

    I hate dealing with IT people, as their idea of 'total disaster' or 'hull breach' is really a minor inconvenience that already happens anyway for different reasons (machines break down all the time, people or product don't show up, down for maintenance). So then they aim to make a software developer or engineer's entire existence sad and inconvenient with their draconian rules.

    What, clap 3 times before downloading a program, and fill out a useless form? What is your idea of security? I wish IT could work in a positive manner with managers and engineers, the same way that engineers can work together with managers and see the big picture.

    1. Re:oh no! you stopped the conveyor line~ by schematix · · Score: 1

      Not really much you can do with a packaging line. Energy levels are so low the worst you could do is break a small machine. Where things get interesting is when you get into dealing with industrial processes that require a lot of energy. For example, steam boilers, or distillation towers. You could level a whole plant.

      --
      Scott
    2. Re:oh no! you stopped the conveyor line~ by Anonymous Coward · · Score: 0

      Still not much you can do other than trigger an emergency shut down or possibly a limited environmental hazard if there is the possibility to dump something.

      There are basically 2 issues:

      1.) Access to the SCADA system. This is what it seems like they describe in the article. With this you can probably mess up the product and/or cause a halt (that in some industries would lead to costs in the millions). But it's unlikely that there are settings available in the SCADA settings to let you blow up a plant.

      2.) Access to the PLCs/Controllers directly. Well now you can run arbitrary code. This can definitely cause a stop or mess up the product (probably without getting detected if you have enough knowledge about the system in question). However the safety systems will either be electromechanical (with only indication going to the SCADA system) or implemented in a "Safety PLC" (or a "Safety PLC" module for a normal PLC). And you can't just change code in a safety PLC, you would need to take down the plant and there would be plenty of forensic evidence, plus you would need a password.

      If they found a security hole that would let someone run code on a safety PLC without going through the normal procedures (Stopping the plant, signing with password, time and checksum saved in permanent memory etc.) then I would agree that there is a tiny risk to cause an explosion. But probably still not, likely the mechanical safety valves would only lead to a minor catastrophe.

    3. Re:oh no! you stopped the conveyor line~ by Anonymous Coward · · Score: 0

      Then here's hoping a competent engineer designed a relief valve / dump valve / emergency response system into it, independent of the Rockwell PLC. A hardware solution to a software problem.

      I would agree that this isn't always done, but most engineers understand that outputs can fail, valves can stick on or off, or cables can become unplugged. The ones that don't ask "what happens if?", usually don't last.

    4. Re:oh no! you stopped the conveyor line~ by nnull · · Score: 3, Insightful

      For more automated plants, shutting down anything can be quite catastrophic. Bottling lines, injection molders, cnc shops. How are they going to do all this stuff manually? And sabotaging steel mills has absolutely disastrous consequences. All this can cost millions for even just a couple days down time. I know in my plant, I would have to basically send everyone home as there would be nothing for anyone to do. Doing things manually is no longer an option in many places.

  13. Re:declined to say which companies were the worst by Anonymous Coward · · Score: 0

    Calm your tits there Louis Freeh. You don't name shit under NDAs. You can demand pepperoni all day but forget it. ALL stories are hearsay/heresy, pipe down with your "am I being detained" last minute meth-hiding antics.

  14. no setpoint access / they won't trust you by Anonymous Coward · · Score: 0

    You do realize that to make a program change at the level you're asking, you have to have access to the control room or side engineering rooms. This is usually up a secure elevator (keycard) and past workers and security guards that will ask who you are because they've never been introduced to you before.

    Yes you could do social engineering to call in and set up a "go to my pc" session. But keep in mind everyone is going to be really skeptical when they hear you want to make remote changes and are being asked to download and install a program, but have never met face-to-face.

    You might remotely hack in with modem/vpn access to the office air conditioning system, or business system that handles purchasing fuel and billing. You're not going to be able to make setpoint changes.

    1. Re:no setpoint access / they won't trust you by AHuxley · · Score: 1

      Yes AC at best a full list of all workers from HR can be recovered.
      With that another nations spy agency/contractors can cross reference all workers for crimes, illegal lifestyles, gambling debts, unfaithfulness, strange expensive hobbies, the need for a holiday, health problems, addictions.
      A person who is susceptible to needing a lot of cash or has something to hide.
      That trusted person can then be asked to do things on site or hire a new person who will.
      Most good companies do penetration testing to see about elevator alterations that can go direct to secure floors. Can a total stranger walk in and charm their way into a secure server room?

      Re Yes you could do social engineering to call in and set up a "go to my pc" session.
      The walk in tech support person seen talking to the boss who then wants to put their usb stick into a workers computer. Well past any outside app detecting firewall.
      The charity person talking to the boss who wants to show a video clip on their usb stick of what the charity does.. after all that name dropping...

      No risky outside app getting caught in the powerful firewall needed. Just do it all from the inside where everything is totally trusted because the firewall was so expensive and always works to keep bad things from getting in.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:no setpoint access / they won't trust you by nnull · · Score: 2

      Or you can just get the Teamviewer ID and password because the vast majority of tech support by major machine manufacturers and/or integrators use Teamviewer and a vast majority of them use the same password.

    3. Re:no setpoint access / they won't trust you by Anonymous Coward · · Score: 0

      The same password? Which one? Love, sex, secret or god?

    4. Re: no setpoint access / they won't trust you by Anonymous Coward · · Score: 0

      Most Allen Bradley or Siemens control systems allow recipe changes to setpoints to be made remotely. You can pull up the HMI and start or stop pumps, change the positions of valves, or if you can get access to the ladder logic fix process values. You can't disable safety valves and rupture disks since those are mechanical but you could open a valve on an ammonia system for example and make a lot of people sick.

    5. Re: no setpoint access / they won't trust you by aaarrrgggh · · Score: 1

      True, and direct access to the ladder logic from the floor via an app is terrible security protocol, unless you have hardwired safety interlocks for range and sequence. You shouldn’t be able to start a pump with the suction and discharge valves closed as an example.
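
The comment above asks for hardwired interlocks on range and sequence. As an added illustration (not from the thread or any vendor's product), the same two checks modelled as a deny-by-default permissive layer that sits between a client app and the command handler; every tag name, limit and command shape here is constructed, and a software gate like this complements a hardwired interlock rather than replacing it.

```python
from dataclasses import dataclass, field

# Constructed engineering ranges for the only setpoints a client may write.
SETPOINT_LIMITS = {
    "pump1.speed_pct": (0.0, 100.0),
    "tank1.temp_c": (10.0, 85.0),
}

# Constructed sequence permissives: what must be true before a pump may start.
START_PERMISSIVES = {
    "pump1": [("pump1.suction", "open"), ("pump1.discharge", "open")],
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


@dataclass
class PlantState:
    """Field state as reported by the plant (limit switches), never by the client."""
    valves: dict = field(default_factory=lambda: {
        "pump1.suction": "closed",
        "pump1.discharge": "closed",
    })
    running: set = field(default_factory=set)
    setpoints: dict = field(default_factory=dict)


def check_command(state, cmd):
    """Decide whether a client command is permitted. Anything not explicitly
    recognised is refused."""
    op = cmd.get("op")
    if op == "set":
        tag, value = cmd.get("tag"), cmd.get("value")
        if not isinstance(tag, str) or tag not in SETPOINT_LIMITS:
            return Decision(False, f"unknown setpoint {tag!r}")
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return Decision(False, "setpoint value is not numeric")
        low, high = SETPOINT_LIMITS[tag]
        # NaN fails both comparisons, so it is rejected here as well.
        if not (low <= value <= high):
            return Decision(False, f"{tag} outside {low}..{high}")
        return Decision(True, "within range")
    if op in ("start", "stop"):
        target = cmd.get("target")
        if not isinstance(target, str) or target not in START_PERMISSIVES:
            return Decision(False, f"unknown equipment {target!r}")
        if op == "stop":
            return Decision(True, "stopping is always permitted")
        for valve, required in START_PERMISSIVES[target]:
            if state.valves.get(valve) != required:
                return Decision(False, f"{valve} must be {required} before starting {target}")
        return Decision(True, "start permissives met")
    if op == "valve":
        valve, position = cmd.get("valve"), cmd.get("position")
        if not isinstance(valve, str) or valve not in state.valves:
            return Decision(False, f"unknown valve {valve!r}")
        if position not in ("open", "closed"):
            return Decision(False, "position must be 'open' or 'closed'")
        if position == "closed":
            # Sequence check in the other direction: do not dead-head a running pump.
            for pump, needs in START_PERMISSIVES.items():
                if pump in state.running and (valve, "open") in needs:
                    return Decision(False, f"stop {pump} before closing {valve}")
        return Decision(True, "valve move permitted")
    return Decision(False, f"unknown operation {op!r}")


def apply_command(state, cmd):
    """Check first, then change state only when the check passed."""
    decision = check_command(state, cmd)
    if not decision.allowed:
        return decision
    op = cmd["op"]
    if op == "set":
        state.setpoints[cmd["tag"]] = float(cmd["value"])
    elif op == "start":
        state.running.add(cmd["target"])
    elif op == "stop":
        state.running.discard(cmd["target"])
    elif op == "valve":
        state.valves[cmd["valve"]] = cmd["position"]
    return decision


if __name__ == "__main__":
    plant = PlantState()
    for command in (
        {"op": "start", "target": "pump1"},
        {"op": "valve", "valve": "pump1.suction", "position": "open"},
        {"op": "valve", "valve": "pump1.discharge", "position": "open"},
        {"op": "start", "target": "pump1"},
        {"op": "valve", "valve": "pump1.suction", "position": "closed"},
        {"op": "set", "tag": "tank1.temp_c", "value": 500},
    ):
        print(command, "->", apply_command(plant, command))
```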

  15. Samsung Galaxy Note 7 by Anonymous Coward · · Score: 0

    Was it the factory that built the Samsung Galaxy Note 7? I don't think that required an app...

  16. Security researchers, Ivan Yaganoff & Ima Chir by PopeRatzo · · Score: 0

    Two security researchers, Alexander Bolshev of IOActive and Ivan Yushkevich of Embedi

    Just out of curiosity, do all "security researchers" come from shithole countries?

    --
    You are welcome on my lawn.
  17. Re:Security researchers, Ivan Yaganoff & Ima C by PopeRatzo · · Score: 2

    Damn Slashdot stepped on my joke. The subject line of my above comment was supposed to be,

    Two security researchers, Ivan Yaganoff and Ima Chirkoff

    --
    You are welcome on my lawn.
  18. HACKERS can turn your computer into a BOMB by Anonymous Coward · · Score: 0

    I'll believe it when I see it.

  19. New copy... by freeze128 · · Score: 0

    "Two security researchers, Alexander Bolshev of IOActive and Ivan Yushkevich of Embedi, have been playing WatchDogs 2 way too much."

  20. Another one by Anonymous Coward · · Score: 0

    A few years ago, a not-too-clever politician was horrified to learn a specific chemical caused fires and demanded it be banned. Everyone who took senior-level school chemistry knows he meant KMnO4 (Condy's crystals), once a staple of every medical cabinet.

  21. HAS SCIENCE GONE TOO FAR??? by Anonymous Coward · · Score: 0

    Surprise, smartphones are small computers now? Don't get me wrong, I've never been one for advocating vital systems to be connected to the Internet, but I do see the benefits of doing so, although the risks are often excessive IMO. Also, with interconnected systems, only one component (weakest link?) in the chain has to be connected for the entire chain to be vulnerable.

    1. Re:HAS SCIENCE GONE TOO FAR??? by nnull · · Score: 2

      There are going to be far more connecting industrial equipment. Data acquisition is a big factor in this, which I don't see a problem with. Interconnecting multiple pieces of equipment to form one line is another. However, lately there is a big push by big name companies like Siemens pushing remote access to your equipment from the beach and being able to "fix" mistakes from said beach. All the Siemens engineers are quite proud of this feature at these conferences, that you can change the functionality of an equipment thousands of miles away without even knowing what the hell it's doing physically, like maybe squishing one of those poor workers that's around it. I find that more concerning than worrying about someone trying to blow up a plant.

  22. "Hackers could blow up factories" by Anonymous Coward · · Score: 0

    And hackers could also not blow up factories.

    What was the point of this article again? I'm very confused.

  23. unconscionable by Anonymous Coward · · Score: 1

    It's not hard to imagine this causing mayhem on an assembly line or explosions in an oil refinery.

    Some /. headlines and summaries are bad, some are misleading, and some are unconscionable. It is hard to imagine that competent companies and engineers can design their systems so stupidly as to allow "hackerZ to BLOW UP FACTORIES USING SMARTPHONE APPS". Yes, incompetence happens. Yes, competent terrorism/vandalism happens. But no, the presumption is that this jump of imagination is simply an unethical sensationalization of GROSS NEGLIGENCE. The fact that this passes on /. is sad. Sadder than typical /. sadness.

  24. Actually it is hard to imagine by thegarbz · · Score: 3, Interesting

    Any refinery or chemical plant that is even remotely compliant with HSE rules should have very limited exposure to anything the control system can do to cause a truly major incident.

    Sure it is trivial to shut it down or trivial to do something like cause catalyst or product to go to where it shouldn't. But any scenario that could cause something like an explosion should be identified and protected by safety systems independent of control systems and unable to be directly controlled.

    Even when you look at oil industry incidents recently you can see the majority of accidents are due to mismanagement or bypassing of safety barriers for abnormal reasons which aren't properly risk assessed.

    This potential scenario is one of the reasons the TRITON / TRISIS malware we covered recently got so much interest, and likely one of the reasons why the attacker was attempting to modify the code in the safety system.

    1. Re:Actually it is hard to imagine by Anonymous Coward · · Score: 0

      The current OSHA/EPA PSM standards do not require Process Hazard Analysis teams to discuss controls security, consider "double jeopardy" (i.e. the failure of multiple supposedly independent control loops), or the "failure of a safeguard" (i.e. manipulating SIS toward spurious trip). Until they do, there will remain scenarios whereby a maliciously programmed DCS could lead to injury or fatality.

      One real example: the Texas City explosion of 2005 was caused by: human error (failing to account for inventory from a previous shift), failure of two DCS instruments (level), and failure to recognize triggering of a mechanical safeguard (PSVs lifted to blowdown stack). We now know that this scenario could be replicated with only a hacked DCS: make the level indicators lie, and eventually the process will kill someone.

      Also, many DCS systems even in chemical plants are only two hops from the public Internet. The process control networks are managed by people with little experience in real-world security incidents, i.e. they never saw the bloodbath of Code Red, Nimda, SQLSlammer, and so on. The ICS vendors standardized on Windows in the late 90's because it made them more money via regular hardware/software update cycles, and now they assume that traditional enterprise AV and endpoint security are sufficient to stop Advanced Persistent Threats. They do not tell customers to avoid monoculture in hardware/software, or truly segregate systems (full air gap, not even data diodes), or even advise them against single points of failure (e.g. lots use the same ActiveDirectory server as the business network). Their embedded systems (controllers) have gone through few to zero fuzzing tests, relying on a security through obscurity mentality. They are basically where Windows was circa 1996 (think WinNuke.exe).

      I have been following security since the early 90's back when comp.security.unix and comp.security.pgp carried the good stuff. So I'm not surprised at all that ICS penetrations are happening, although I will say TRITON was about 5 years earlier than I had anticipated. I have given up on trying to educate the owners of the process control infrastructure at my plant: they are too indoctrinated in the Windows weenie ecosystem to really "get" computer/network security. Instead it is my plan to require additional discussion of passive safeguards at future PHA discussions, precisely to get ahead of this issue. Look for any scenario, no matter how "obscure" or "impossible" to trigger, that lacks a passive safeguard of some kind (mechanical or inherent safety), and focus on those. Design the plant to assume that one day the DCS and SIS will both be compromised, and ensure no one gets killed that day.
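The review proposed in the comment above (find every scenario with no passive safeguard, assuming the DCS and SIS are both compromised) can be run mechanically over a PHA scenario register. This is an added example, not the poster's tooling; the register entries, severity scale and dependency labels are constructed assumptions.

```python
# Added example: audit a PHA scenario register under the assumption that
# programmable systems are compromised. All register entries are constructed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Safeguard:
    name: str
    depends_on: frozenset = frozenset()   # programmable systems it relies on

    def survives(self, compromised):
        # A passive safeguard has no dependencies and always survives.
        return not (self.depends_on & compromised)

@dataclass
class Scenario:
    ident: str
    consequence: str
    severity: int                         # constructed scale: 1 minor .. 5 fatality
    safeguards: list = field(default_factory=list)

def audit(register, compromised=frozenset({"DCS", "SIS"})):
    """Return (id, severity, surviving safeguard names) per scenario,
    worst first: fewest survivors, then highest severity."""
    rows = []
    for sc in register:
        alive = [s.name for s in sc.safeguards if s.survives(compromised)]
        rows.append((sc.ident, sc.severity, alive))
    rows.sort(key=lambda r: (len(r[2]), -r[1]))
    return rows

def unprotected(register, compromised=frozenset({"DCS", "SIS"})):
    """Scenario ids left with no safeguard once `compromised` systems lie or fail."""
    return [ident for ident, _, alive in audit(register, compromised) if not alive]

REGISTER = [
    Scenario("S1", "column overfill", 5, [
        # Operator response counts as DCS-dependent: it acts on displayed levels.
        Safeguard("level indication + operator response", frozenset({"DCS"})),
        Safeguard("high-level trip", frozenset({"SIS"})),
    ]),
    Scenario("S2", "vessel overpressure", 5, [
        Safeguard("pressure control loop", frozenset({"DCS"})),
        Safeguard("relief valve to flare"),            # mechanical, passive
    ]),
    Scenario("S3", "pump deadhead", 2, [
        Safeguard("start permissive in controller", frozenset({"DCS"})),
    ]),
]
```

With the default assumption, `unprotected(REGISTER)` lists S1 and S3; S1 only shows up once the SIS is also assumed compromised, which is the "double jeopardy" case the comment says PHA teams are not required to consider.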

  25. My first thought: by Qbertino · · Score: 1

    Real life "Watchdogs". Nice. Gotta love this IoT nonsense everybody's into lately.

    --
    We suffer more in our imagination than in reality. - Seneca

  26. Re:Security researchers, Ivan Yaganoff & Ima C by Anonymous Coward · · Score: 0
  27. What a sensationalized title by Anonymous Coward · · Score: 0

    What a sensationalized title

  28. Fuck this headline by Anonymous Coward · · Score: 0

    Fuck this headline

    To satisfy the filter, I would like to add fuck this headline.

  29. *MISSION IMPOSSIBLE* by Anonymous Coward · · Score: 1

    Anyone old enough to watch the "Mission Impossible" tv series knows too well how this goes ...

    They fed one single punch card into a card reading machine and suddenly the bad guy's computer (a cabinet with lots of flashing lights) went totally haywire, with smoke billowing out.

    Fifty something years later (this is 2018, btw) do we have to continue being bombarded with this kind of bullshit ??

  30. What a disappointment by m.alessandrini · · Score: 1

    So the guy from Mr. Robot was not that genius?

  31. Hackers can turn your computer into a BOMB! by Anonymous Coward · · Score: 0

    Yeah, right.

    Captcha: revise

  32. Morons are too clever by sjbe · · Score: 2

    3rd rule of internet security: Do not hire morons who will plug a memory stick into a unit that's not on the net, after that stick has been in a unit that is on the net.

    Not possible. If you don't want a memory stick plugged in then you will have to physically remove access. Even smart people with the best of intentions make mistakes or sometimes are duped.

    4th rule of internet security: Disable any wireless connectivity on systems you are not intentionally hooking to the net.

    Wireless (and wired) connectivity systems should be disabled by default and require positive action to enable. End users should not have the rights to enable this functionality.

    5th rule of internet security: Do not hire anybody who would violate the preceding four rules.

    And how do you propose to identify these people ahead of time since they don't carry Bill Engvall I'm stupid signs?

  33. Have you never heard of SCADA or Project Aurora by Anonymous Coward · · Score: 2, Informative

    SCADA (process control) networks have long been known to have vulnerabilities that can be exploited in the real world. Further, project Aurora proved you could cause a generator to explode with the proper SCADA inputs. Just because they are front ending the mess with apps doesn't change anything.

  34. Don't they follow the '2 mechanical backups"... by Anonymous Coward · · Score: 2, Informative

    rule. When I was working with high voltage semiconductor equipment, the rule was that there
    had to be 2 electromechanical (i.e. not computer controlled) backup systems to 'safe' things
    before they could be accessed. Seemed sensible to me. Is this not followed anymore?

  35. Already demonstrated in the wild, you forget? by Anonymous Coward · · Score: 1

    Damn y'all naysayers forgot about Stuxnet fast.

  36. for those saying it is FUD by Anonymous Coward · · Score: 1

    I will just leave this here:

    https://www.youtube.com/watch?...

    I think people overestimate engineers consistently and fail to understand the context of an engineer's work in today's world. It's all fine and dandy to say that proper engineers would never do things like this or allow control of dangerous processes to have contact with the outside world, but engineers are people too, people who have bosses who tell them what to do. They are also afflicted by project costs and inter-office politics, so much so that there is no more pure engineering as all of the consequences of failure are hidden away under a mountainous amount of red tape and corporate protection.

    TL;DR: never underestimate stupid or greed, they will win over safety and caution every day of the week

  37. Trillion dollar projects attract incompetence by Anonymous Coward · · Score: 0

    Honestly, in my considerable experience working in the US industrial, defense, academic, financial, and aerospace sectors, the more money is spent on equipment, the more likely it is that the installing engineer will be dangerously incompetent.

    This is because many corporate and government cultures preferentially promote and reward people with traits antithetical to good engineering (such as sycophancy, sociopathy, psychopathy and obsequiousness) rather than identifying good engineers through evaluation of the quality of their work. Very expensive engineering projects seem to attract pointy-haired incompetence like churches with celibate priesthoods attract pedos, basically.

  38. READ ALL ABOUT IT!! by Anonymous Coward · · Score: 0

    HACKERS COULD PROGRAM YOUR COMPUTERS TO EAT YOUR HOMEWORK, MAKE YOUR PANTS TIGHT, AND CALL YOUR MOTHER FAT! (not necessarily in that order)

    A new study published in the Eleet Journal of Computer Sciences finds that your mother is fat and your homework will get eaten by the internet, thanks to hackers. According to Dr. Yakub Leafstein, hackers have actually already destroyed your homework and called your mother names. You just don't know it yet because you are being distracted by a massive propaganda campaign consisting of fabricated news stories, pants tightening imagery, and badly written fictions called duplicate lasagna. Dr. Leafstein insists the hacker threat is no longer just a threat, but a real world problem. When asked about the hacker threat, Dr. Leafstein said, "The hacker threat is no longer just a threat, but a real world problem". This is a whole new paradigm! If your own mother isn't safe from hackers, what is? With this newfound knowledge we've come to the conclusion that anything is possible when the hacker is involved. Who knows what could be next? People voter fraud? Brain sex DNA modification? Blowing up swaprats with mobile telephone computer applications? It's like almost anything presented in fiction in the past is now a reality. Well, I for one won't be using my computer anym

  39. Re:declined to say which companies were the worst by Anonymous Coward · · Score: 0

    Well, that's why we need spies/whistleblowers to break the info out. The NDA is simply a way to hide criminal acts. Public interest shall prevail over all NDAs. It can be done the easy way, or the hard way, but we will get free pepperoni for all!

  40. Imagine by nasch · · Score: 1

    It's not hard to imagine this causing mayhem on an assembly line or explosions in an oil refinery.

    Yeah I can imagine a lot of things. Can these flaws actually be used to blow something up, or just imagine it?