http://arstechnica.com/security/2012/08/mission-critical-hardware-flaw/ By Dan Goodin Ars Technica Aug 22, 2012 A private encryption key embedded into widely used mission-critical routers could be exploited by hackers to attack electric substations, railroad switches, and other critical infrastructure, security researchers have warned. The flaw, uncovered in devices made by Siemens subsidiary RuggedCom of Ontario, Canada, is the second this year to affect its Rugged Operating System. The firmware runs mission-critical routers that have been used by the US Navy, petroleum giant Chevron, and the Wisconsin Department of Transportation to help administer industrial control systems and supervisory control and data acquisition systems, which flip switches, turn valves, and manipulate other machinery in industrial settings. Rugged OS is fluent in both the Modbus and DNP3 communications protocols used to natively administer such ICS and SCADA gear. According to security researcher Justin W. Clarke, Rugged OS contains the same private key used to decrypt secure-sockets-layer communications sent by administrators who log into the devices. This allows attackers who may have compromised a host on the network to eavesdrop on sessions and retrieve user login credentials and other sensitive details. Plenty of small and home office routers also contain private SSL keys. What's different here is that RuggedCom devices, which are designed to withstand extreme dust, heat, and other harsh conditions, are connected to machinery that controls electrical substations, traffic control systems, and other critical infrastructure. "This is fairly typical in cheap consumer-grade embedded products, and has the unfortunate effect that easy Man-In-The-Middle attacks can be performed against products," K. Reid Wightman, an industrial control systems security expert for Digital Bond, wrote in a blog post published Wednesday. "For example, any compromised host on the switch management network can be used to spoof affected RuggedCom switches, meaning that the bad guy or gal could capture legitimate usernames and passwords for the switch." [...]Received on Thu Aug 23 2012 - 02:17:37 PDT
This archive was generated by hypermail 2.2.0 : Thu Aug 23 2012 - 02:23:49 PDT