Power Plants Are Vulnerable To Hackers

2 min read
Power Plants Are Vulnerable To Hackers

Power Plants Are Vulnerable To Hackers with Siemens flaw

The U.S. Department of Homeland Security has issued an alert warning that hackers could exploit code in Siemens-owned technology to attack power plants and other national critical infrastructure.

Justin W. Clarke, an expert in securing industrial control systems, disclosed at a conference in Los Angeles on Friday that he had figured out a way to spy on traffic moving through networking equipment manufactured by Siemens' RuggedCom division.

RuggedCom, a Canadian subsidiary of Siemens that sells networking equipment for use in harsh environments such as areas with extreme weather, said it was investigating Clarke's findings, but declined to elaborate. Clarke said that the discovery of the flaw is disturbing because hackers who can spy on communications of infrastructure operators could gain credentials to access computer systems that control power plants and other critical systems.

According to security researcher Justin W. Clarke, Rugged OS contains the same private key used to decrypt secure-sockets-layer communications sent by administrators who log into the devices. This allows attackers who may have compromised a host on the network to eavesdrop on sessions and retrieve user login credentials and other sensitive details.

Plenty of small and home office routers also contain private SSL keys. What's different here is that RuggedCom devices, which are designed to withstand extreme dust, heat, and other harsh conditions, are connected to machinery that controls electrical substations, traffic control systems, and other critical infrastructure.

This is the second bug that Clarke, a high school graduate who never attended college, has discovered in products from RuggedCom, which are widely used by power companies that rely on its equipment to support communications to remote power stations.

Although there have been no publicly reported cases of damage caused by cyber-attacks on US critical infrastructure, the issue is a growing problem.

Countries around the world have been alerted to the threat after revelations that the Stuxnet virus had targeted a uranium enrichment facility in Iran.Earlier this month security firms reported another type of malware - dubbed Shamoon had struck "at least one organisation" in the energy sector.

Follow us on Telegram and Twitter for all such latest cybersecurity news and updates.

SABU still helping Feds to entrap hackers
Previous article

SABU still helping Feds to entrap hackers

LulzSec Leader Sabu Gets 6-Month Sentencing Delay for helping Feds Today was the day that Hector Xavier Monsegur, a.k.a. Sabu, Xavier DeLeon, and

Malware Campaign Targeting BlackBerry
Next article

Malware Campaign Targeting BlackBerry

Malware Campaign Targeting BlackBerry Websense ThreatSeeker Network intercepted a malware campaign targeting BlackBerry customers. These fake emails state that the recipient has successfully created a


🎉 You've successfully subscribed to Hack Reports!