Researchers expose flaws in popular industrial control systems

Proof-of-concept exploits for multiple vulnerabilities in SCADA products were demonstrated at the 2012 SCADA Security Scientific Symposium

Researchers showcased unpatched security flaws in software used to control critical industrial systems by oil, gas, water and electrical distribution plants at the 2012 SCADA Security Scientific Symposium (S4) on Thursday.

The vulnerabilities ranged from information disclosure and privilege escalation bugs to remote denial-of-service (DoS) and arbitrary code execution flaws.

The research team, which included Reid Wightman, Dillon Beresford, Jacob Kitchel, Rubén Santamarta and two other researchers who chose to remain anonymous, worked as part of a project called Basecamp that was sponsored by industrial control systems (ICS) security firm Digital Bond.

The tested products were Control Microsystems' SCADAPack, the General Electric D20ME, the Koyo / Direct LOGIC H4-ES, Rockwell Automation's ControlLogix and MicroLogix, the Schneider Electric Modicon Quantum and Schweitzer's SEL-2032.

The affected vendors were not notified in advance about the discovered vulnerabilities and the proof-of-concept exploits showcased at S4 are being integrated into the popular Metasploit penetration testing framework.

"We are hoping that Project Basecamp will be a Firesheep moment for PLCs [programmable logic controllers]," said Reid Wightman, a Digital Bond security consultant and Basecamp project lead.

The Firesheep extension for Firefox, which can hijack people's online accounts by capturing their session cookies when they use open wireless networks, is credited with pushing major online service providers like Google, Facebook, Twitter and Hotmail to add support for always-on HTTPS, so that the whole session, and not just the login page, is encrypted.

Project Basecamp hopes to trigger a similar reaction from SCADA (supervisory control and data acquisition) software developers, whose products had largely been overlooked by the security research community until the Stuxnet industrial sabotage worm emerged in 2010.

Stuxnet, which is considered by many the most sophisticated malware of all time, exploited Windows vulnerabilities and weaknesses in Siemens' Step 7 and WinCC SCADA software in order to inject malicious code into the Siemens PLCs used to control uranium enrichment centrifuges at Iran's Natanz nuclear facility.

"For a long time this kind of software [SCADA] has been 'under the radar', living a quiet existence," said Rubén Santamarta, one of the Project Basecamp contributors. "But lately some researchers have been busy targeting ICS products and as a consequence dozens of vulnerabilities emerged in a relatively short time window."

"It has been a 'shock' for the industrial sector, I'm not sure whether they were really prepared to deal with that scenario," Santamarta said. "As a note, we should realize that probably their customers were not asking for security either."

Many of the security problems uncovered by Project Basecamp stem from design flaws rather than isolated coding errors, and many SCADA products have undocumented features that can be abused for malicious purposes.

"It's not rare to see industrial software that uses hardcoded accounts or services that look almost like backdoors," said Luigi Auriemma, an independent security researcher who has previously identified and reported SCADA vulnerabilities. When such features are found, most of the time the only solution is to remove them, he said.

Auriemma believes that the public disclosure of vulnerabilities for which no patch exists, known as zero-days, coupled with the activity of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), has had a positive effect on vendors and pushed them to address some of the problems.

However, a more proactive approach is needed, such as taking security into consideration when these SCADA products are designed in the first place. "It will take time but I strongly believe that security will be seen as a fundamental key as well as an added value for any industrial device in the near future," Santamarta said.

ICS-CERT has already published advisories for many vulnerabilities disclosed by Project Basecamp, and Digital Bond has worked with Tenable to create detection plugins for the Nessus vulnerability scanner.

Lucian Constantin

IDG News Service