Vulnerabilities Lead to Easy Attack

Wednesday, May 4, 2011 @ 05:05 PM gHale

By Gregory Hale

Good morning, manufacturing automation industry.

That was the wake-up call after the industry became aware of the sophisticated worm that hit last July.

“Stuxnet showed a control system could be compromised,” said Joel Langill, chief technology officer at SCADAHacker, during a session entitled “Exploitation 101: Turning a SCADA Vulnerability into a Successful Attack” at the ICSJWG 2011 Spring Conference in Dallas.

That attack garnered so much attention that a security researcher, Luigi Auriemma, who focuses mainly on finding holes in the gaming industry, started looking at SCADA software. He found, and published, 34 vulnerabilities in software from four different companies.

“All of a sudden control systems are in the headlines,” Langill said.

When the vulnerabilities were released, officials said they were not critical vulnerabilities. Langill disagrees. To prove that point, he looked at one of the companies that suffered from the vulnerabilities: 7 Technologies, which has 28,000 installed systems throughout the world.

Langill offered a demonstration of how easy it was to get into a SCADA system by exploiting one of these vulnerabilities and taking over the system. While an attacker would need a basic understanding of what to look for, Langill showed just how easy it was to get in, write a few commands and take over the system.

“It is now becoming obvious that once you get into a network, it is a pretty straightforward attack,” Langill said.

While the companies that suffered from the vulnerabilities often patch their software, placing a patch into a manufacturer’s system is not necessarily a quick thing.

“It could be 6 to 9 months from now before the systems will be patched,” he said.

That leaves a manufacturer open to attack for an extended period of time. “There are people out there paying to get a SCADA exploit,” Langill said. As a matter of fact, Langill said he heard that Auriemma found more vulnerabilities and published only the ones he could not sell. He said Auriemma confirmed he did sell some of the vulnerabilities from other companies.

Not to be overly dramatic, but “the worst has yet to come,” Langill said.
