[ISN] Researchers Release New Exploits to Hijack Critical Infrastructure

From: InfoSec News <alerts_at_private>
Date: Fri, 6 Apr 2012 01:40:48 -0500 (CDT)
http://www.wired.com/threatlevel/2012/04/exploit-for-quantum-plc/

By Kim Zetter
Threat Level
Wired.com
April 5, 2012

Researchers have released two new exploits that attack common design 
vulnerabilities in a computer component used to control critical 
infrastructure, such as refineries and factories.

The exploits would allow someone to hack the system in a manner similar 
to how the Stuxnet worm attacked nuclear centrifuges in Iran, a hack 
that stunned the security world with its sophistication and ability to 
use digital code to create damage in the physical world.

The exploits attack the Modicon Quantum programmable logic controller 
made by Schneider-Electric, which is a key component used to control 
functions in critical infrastructures around the world, including 
manufacturing facilities, water and wastewater management plants, oil 
and gas refineries and pipelines, and chemical production plants. The 
Schneider PLC is an expensive system that costs about $10,000.

One of the exploits allows an attacker to simply send a “stop” command 
to the PLC.

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
Received on Thu Apr 05 2012 - 23:40:48 PDT

This archive was generated by hypermail 2.2.0 : Thu Apr 05 2012 - 23:45:16 PDT