Researchers Warn of SCADA Equipment Discoverable via Google

HardOCP News

A simple Google search turns up the passwords for SCADA systems used to run power plants? Umm, that can't be good at all. :eek:

Not only are SCADA systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators sometimes practically advertise their wares on Google search, according to a demo today during a Black Hat conference workshop.
 
That doesn't surprise me. If everyone remembers that virus that attacked that nuclear power plant, it was able to do so easily as the admin password is the default and you are forced to leave it that way, otherwise some stuff won't work correctly, as it was designed with the admin username and password to never change.
 

That was not a nuclear power plant, that was a uranium enrichment center with computer controlled centrifuges.

Thankfully, the one control room I've been into had analog primaries and required manual control (no drive by wire).
 
This is what you get when you let electrical engineers design shit from the ground up... yeah, let's attach all of our PLCs and control systems to the same network as our plant's internet and general users are on. Oh, no one can figure out what address this here processor is on because I used a magical static address....

At my previous job I was an automation engineer and spent a good part of two years moving the plant's control systems off the main subnet, behind firewalls, etc... anyone could have seen the robot palletizers from the internet and fucked up their world, but they got lucky little Timmy never came across it. This was a plastics plant that made peanut butter jars for Jif.

Now I work for a generation and transmission power company... I fight with engineers all the time wanting to put relays in substations on the corporate LAN... they don't get it. Thankfully the new NERC CIP stuff is in full swing...
 
Although that was a military takedown, and written specifically for that manufacturer's system.
 
Yeah, sorry. I was referring to the Stuxnet virus. I guess I was a little off on my thought of what it attacked. I thought it was part of a power plant.
 
It's not that hard. I just did it. Dear lord they need to fix this immediately.
 
From the comments on the article:

They were demo controllers and demo web interface put there on purpose by schneider-electric.com, absolutely no risk to public safety in the slightest.

The password is 1234 on purpose so customers could check out what the web interface of the product looked like before purchase.

These web interfaces were not connected to any live controllers on any production line, it is merely a customer demo.
 
While this particular instance may not have been real (a demo), there are real problems out there with things being connected to the internet and corporate LANs without any protection. I used to work for a company that sells door access control systems - the kind that open the door when you present a card key or enter the correct PIN. They started out with systems where the control panels were hard-wired to the main PC. Then they introduced modules to allow the control panels to use TCP/IP, and of course customers just put them on their company LAN. There are no passwords or encryption required to talk to the panels, so if you know what address they are on and the protocol (which would not be too difficult to reverse engineer), then you could open any door, modify the database to add/delete/modify accounts, etc. I argued that this was something the company needed to address - even a simple encryption scheme would be better than nothing (the panels have slowish 16-bit processors). But they ignored me. How hard would it be to breach most of these corporate networks? After that, they would be able to breach the physical building via the access control system. How much of this kind of thing is going on? Probably a lot.
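One way to close the gap described in the post above, as an added example that is not part of the original thread or any vendor's code: the panel accepts a command only if it carries a valid keyed tag and a counter that has advanced, so knowing the address and the wire format is no longer enough. The frame layout, opcode, key value and the choice of truncated HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (an assumption, not any vendor's protocol):
#   panel_id (2) | counter (4) | opcode (1) | arg (2) | tag (8)
HEADER = struct.Struct(">HIBH")
TAG_LEN = 8            # truncated HMAC-SHA256 keeps frames small
OP_UNLOCK_DOOR = 0x01  # hypothetical opcode


def build_frame(key: bytes, panel_id: int, counter: int, opcode: int, arg: int) -> bytes:
    """Host side: serialize a command and append a truncated HMAC tag."""
    body = HEADER.pack(panel_id, counter, opcode, arg)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Panel:
    """Panel side: act only if the tag verifies and the counter advances."""

    def __init__(self, panel_id: int, key: bytes):
        self.panel_id = panel_id
        self.key = key
        self.last_counter = 0

    def handle(self, frame: bytes) -> str:
        if len(frame) != HEADER.size + TAG_LEN:
            return "reject: bad length"
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "reject: bad tag"
        panel_id, counter, opcode, arg = HEADER.unpack(body)
        if panel_id != self.panel_id:
            return "reject: wrong panel"
        if counter <= self.last_counter:  # a recorded frame cannot be reused
            return "reject: replay"
        self.last_counter = counter
        return f"accept: opcode={opcode} arg={arg}"


def demo() -> list:
    key = b"constructed-per-panel-key-0001"  # sample value; provision one key per panel
    panel = Panel(7, key)
    good = build_frame(key, 7, 1, OP_UNLOCK_DOOR, 3)
    wrong_key = build_frame(b"not-the-panel-key", 7, 2, OP_UNLOCK_DOOR, 3)
    tampered = good[:-9] + bytes([good[-9] ^ 1]) + good[-8:]  # flip one bit in arg
    frames = [good, good, wrong_key, tampered, good[:5]]
    return [panel.handle(f) for f in frames]
```

This authenticates commands but does not hide them; confidentiality would need encryption on top, and the panels would still belong on a segregated network.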
 
So I'm still trying to figure out which nuclear plant Exavior was talking about that had the virus. The Stuxnet that was snuck into Iran, which was created by Israel and the U.S. (which they admitted to), had to be brought in.
 
Heh, the physics lab I'm working for over the summer just installed a TCP-enabled temperature control in one of our experiments. Not only is there no password; they gave it a freaking DNS name. And it's something stupidly simple too like "temperature controller." I'm all for the honor system but if a disgruntled student ever wanted to anonymously destroy $200,000 worth of equipment, it is now alarmingly easy for them to do so. :O
 