After delay, hacker to show flaws in Siemens industrial gear

NSS Labs says it will disclose Siemens flaws at Black Hat, after holding back its research for security reasons

A security researcher who says he's found serious problems with Siemens computers used in power plants and heavy industry is now expecting to go public with his research at the Black Hat security conference in Las Vegas.

In May, NSS Labs Researcher Dillon Beresford pulled out of a Dallas hacking conference at the last minute when Siemens was unable to fix problems he'd found in the firmware of its S7 programmable logic controller. After consulting with Siemens and the U.S. Department of Homeland security, NSS decided that it was simply too dangerous to go public with its information before a patch could be fully developed. The systems Beresford had hacked are used to run power and chemical plants, some of which could be damaged if they were hit by a computer attack.

Now NSS Labs CEO Rick Moy says Beresford is rescheduled to deliver his talk at Black Hat, which runs Aug. 2-3.

Beresford has discovered six vulnerabilities in the S7 that "allow an attacker to have complete control of the device," Moy said. Devices like the S7 do things such as control how fast a turbine spins or open gates on dams.

The attack was developed on an S7-1200 system, but NSS believes other models of the S7 are also vulnerable.

For Beresford's attack to work, a hacker would have to first be on the same network as the Siemens system. Industrial systems like the S7 are often designed to run on "air-gapped" networks that are physically separated from the rest of the plant's computer systems. That would protect them from Beresford's attack, but security researchers have shown that it's often possible to reach these networks from the Internet. The Stuxnet worm, for example jumped across networks by infecting USB drives.

Breaking into some industrial networks would be even easier than that, according to Moy. "The dirty little secret about [such industrial] systems in general is that very few are properly air-gapped," he said.

NSS Labs expects Siemens to issue a patch in the next few weeks, well ahead of the August presentation. "They didn't give any firm timelines," he said. "They said unofficially that they were pretty confident that they'll be able to get their stuff out before then."

Siemens could not immediately be reached for comment.

However, in previous statements, the company has implied that the NSS attack might be hard to pull off in the real world. "While NSS Labs has demonstrated a high level of professional integrity by providing Siemens access to its data, these vulnerabilities were discovered while working under special laboratory conditions with unlimited access to protocols and controllers," Siemens said last month.

Beresford wasn't impressed with that comment. In a May interview, he called for Siemens to publish a security advisory on the bugs along with a timetable of when they will be fixed. "Now that they're trying to minimize the impact and do PR damage control, I feel that they're not servicing the public's interest," he said. "I'm not pleased with their response... They didn't provide enough information to the public."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags energyManufacturingindustry verticalssiemensNSS LabsExploits / vulnerabilities

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?