Aug 4, 2011 17:01 GMT

A security researcher demonstrated dangerous attacks against popular models of Siemens programmable logic controllers (PLCs) at the Black Hat USA security conference.

The attacks and vulnerabilities were discovered by NSS Labs security researcher Dillon Beresford and affect Siemens Simatic S7 PLCs, the controllers programmed with the Simatic Step 7 software.

SCADA (supervisory control and data acquisition) systems are used to control and monitor industrial installations in factories, power distribution plants, oil and gas refineries, etc.

Beresford demonstrated that an attacker with network access can read from and write to Siemens PLCs even when they are password protected, and can also send them arbitrary commands or shut them down.

He warned that the attacks could be carried out by malware spreading through the automation network, infecting every reachable system in much the same way Stuxnet did.

The root of these problems is that PLC communication protocols were not designed with security in mind: they do not authenticate the party sending commands, so anyone who can reach the controller over the network can abuse them.
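Because the protocol itself cannot tell an engineering workstation from an attacker, the practical control is to restrict and watch who talks to the controllers. The script below is an added example, not code from the article or from NSS Labs: it flags any host other than a known engineering workstation that opens a connection to a PLC on TCP port 102 (the ISO-TSAP port that Siemens S7 communication uses). The subnet, the allowed workstation address, and the flow records are all constructed for the example.

```python
"""Flag unexpected clients talking S7 to PLCs, over constructed flow records.

Siemens S7 PLCs are reached over ISO-TSAP on TCP port 102. Since the
protocol does not authenticate the client, the compensating control is to
allow only the engineering workstation to reach that port and alert on
anything else.

Added example: hosts, addresses and flow lines below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

S7_PORT = 102  # ISO-TSAP, the transport S7 communication rides on

# Hypothetical inventory: where the PLCs live and who may program them.
PLC_SUBNET = ip_network("10.20.0.0/24")
ENGINEERING_WORKSTATIONS = {ip_address("10.10.0.5")}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one constructed 'src dst dport proto' flow record."""
    src, dst, dport, proto = line.split()
    return Flow(src, dst, int(dport), proto.lower())


def is_suspicious(flow: Flow) -> bool:
    """True when a host outside the allowlist opens TCP/102 to a PLC."""
    if flow.proto != "tcp" or flow.dport != S7_PORT:
        return False                      # not S7 traffic at all
    if ip_address(flow.dst) not in PLC_SUBNET:
        return False                      # destination is not a controller
    return ip_address(flow.src) not in ENGINEERING_WORKSTATIONS


def find_rogue_s7_clients(lines):
    """Return sorted source addresses that reached a PLC on TCP/102 without being allowed."""
    return sorted({f.src for f in map(parse_flow, lines) if is_suspicious(f)})


# Constructed flow records: "src dst dport proto"
SAMPLE_FLOWS = [
    "10.10.0.5 10.20.0.11 102 tcp",   # engineering workstation, allowed
    "10.10.0.5 10.20.0.12 102 tcp",   # same workstation, second PLC
    "10.10.0.77 10.20.0.11 102 tcp",  # office host talking to a PLC, not allowed
    "10.10.0.77 10.20.0.11 80 tcp",   # plain web traffic, ignored
    "10.30.0.9 10.20.0.12 102 tcp",   # second unexpected client
    "10.10.0.77 10.20.0.11 102 udp",  # wrong transport, not ISO-TSAP
]

if __name__ == "__main__":
    for host in find_rogue_s7_clients(SAMPLE_FLOWS):
        print(f"ALERT: {host} opened S7 (TCP/{S7_PORT}) to a PLC")
```

The check catches lateral spread from hosts that should never speak to a controller, which is the scenario the article describes. It cannot catch commands sent from a compromised engineering workstation, since that host is on the allowlist and the protocol gives the PLC no way to distinguish legitimate from malicious commands coming from it; that gap is precisely the design weakness the research points at.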

SCADA security was a largely obscure field until Stuxnet made the risks plain. Since the industrial sabotage worm was discovered, a great deal of SCADA security research has been published, some of it by Beresford.

The NSS Labs researcher canceled a talk earlier this year after Siemens and the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) raised concerns about his research and asked for more time to prepare patches.

Some of the flaws Beresford discussed have already been addressed by Siemens, although it is not clear how many facilities have deployed the fixes yet. Following his Black Hat talk, the North American Electric Reliability Corp. (NERC) issued an advisory.

The researcher has been working with Siemens to get the remaining flaws patched as soon as possible. "At some point you really have to accept that there are vulnerabilities in your products [...]. Accepting this was the first step in order to be able to handle this professionally," said Thomas Brandstetter, a CERT program manager for Siemens, according to CNET.