A power plant hack that anybody could use
Researcher Dillon Beresford has developed code that can take down Siemens industrial systems. But should he release it?
IDG News Service - The night before the start of this week's Black Hat hacker conference here in Las Vegas, security researcher Dillon Beresford gave a demonstration to a small audience in his room at Caesar's Palace. The topic: how a hacker could take over the Siemens S7 computers that are used to control engines, machines and turbines in tens of thousands of industrial facilities.
It was a preview of the talk he was set to give Wednesday, and Beresford seemed both nervous and relieved to be finally talking to the handful of reporters and industry and government officials in the room. A few months ago it wasn't clear when or if he'd ever be able to go public with his research. Concerned that his research could be misused, he pulled out of an earlier conference to give Siemens more time to fix the problems he'd uncovered. Even now, after months of work with Siemens and the U.S. Department of Homeland Security, coordinating patch after patch for many of the bugs he's found, Beresford can't say everything he knows.
But clearly, he knows quite a lot. The question is, how much will he make public?
The NSS Labs researcher said he's found ways to bypass the S7's security measures and read and write data into the computer's memory -- even when the system has password protection enabled. He can steal sensitive information from the systems, he said. And on one model, the S7 300, he found a command shell, apparently left in the system's firmware by Siemens engineers, that he can connect to and use to run commands on the system.
After poking around for a bit he discovered a hard-coded username and password that allowed him access to a Unix-like shell program on the systems, where he can run his own commands: Username: basisk; password: basisk.
This shell is a "back door" to the system that could be misused by an attacker, Beresford said.
He also discovered dancing monkeys. This goofy graphic of four dancing monkeys was apparently an Easter egg -- a software developer's version of graffiti, left for other geeks to discover -- stuck in the S7 300's firmware.
The demo wasn't much to look at. The S7s are like futuristic grey shoeboxes with green LED lights on them. Smoking a cigarette, Beresford would type into his laptop and one by one, the machines would turn off. But considering that each one of those machines could be running a nuclear centrifuge or an elevator, the demonstration held everyone's attention.
The government official in the room Tuesday night -- a contractor from the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team -- didn't want to be quoted. Neither did Tim Roxey, a staffer with the North American Electric Reliability Corp., the nonprofit corporation chartered with helping to keep the U.S. supply of electricity online.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts