IES issue can be weaponized in nation-to-nation attacks

Aug 3, 2015 11:41 GMT  ·  By

Security researchers have announced that they plan to reveal a new vulnerability in Industrial Ethernet Switches (IES) at the upcoming Black Hat cybersecurity conference in Las Vegas, as Daily Dot reports.

Industrial Ethernet Switches are specially designed network switches meant to be deployed in large enterprises to interconnect the various equipment located in a factory's building(s).

On the hardware side, they don't differ from regular network switches, but software-wise they come equipped with support for extra industrial protocols not usually encountered in a regular Joe's family home.

According to the researchers, the newly found vulnerability in IESs can grant attackers access to, and then control over, the device, and from there over the industrial network behind it.

Since IESs are deployed in almost every industry sector, this vulnerability could be easily used to attack critical targets like nuclear power plants, hydroelectric dams, steel mills, water purifying stations, electrical power nodes, and so on.

The vulnerability can be weaponized in some worst case scenarios

If used properly by government-controlled agencies, this vulnerability can be easily weaponized to carry out attacks on the infrastructure of enemy countries. Yes, Kim Jong-un! You read it right, we said "weaponized."

Security experts say that they used a combination of "default passwords, hard-coded encryption keys, and a lack of proper authentication for firmware updates."

This, along with the usage of "forged session IDs, cross-site scripting, and cross-site requests" allowed researchers to gain access to the device, on which they created a new administrator account to use as a backdoor.

Additionally, old hidden accounts created and used for maintenance operations could also be used as backdoors if left behind and found by attackers.

IES equipment manufacturers were informed of the problem

The research was carried out under the supervision of IOActive, a company that provides security solutions for mid to large companies.

Switch vendors Garrettcom, General Electric, Opengear, and Siemens were informed of the vulnerability in their products and have started working on patches, along with several mitigation measures to protect equipment in the meantime, until the patches are finished and distributed.

Since this process can sometimes take several years, it leaves the door open for hackers to attack enterprises that take risks when dealing with security problems.