[ISN] Private crypto key in mission-critical hardware menaces electric grids

From: InfoSec News <alerts_at_private>
Date: Thu, 23 Aug 2012 04:17:37 -0500 (CDT)
http://arstechnica.com/security/2012/08/mission-critical-hardware-flaw/

By Dan Goodin
Ars Technica
Aug 22, 2012

A private encryption key embedded into widely used mission-critical 
routers could be exploited by hackers to attack electric substations, 
railroad switches, and other critical infrastructure, security 
researchers have warned.

The flaw, uncovered in devices made by Siemens subsidiary RuggedCom of 
Ontario, Canada, is the second this year to affect its Rugged Operating 
System. The firmware runs mission-critical routers that have been used 
by the US Navy, petroleum giant Chevron, and the Wisconsin Department of 
Transportation to help administer industrial control systems and 
supervisory control and data acquisition systems, which flip switches, 
turn valves, and manipulate other machinery in industrial settings. 
Rugged OS is fluent in both the Modbus and DNP3 communications protocols 
used to natively administer such ICS and SCADA gear.

According to security researcher Justin W. Clarke, every unit running Rugged 
OS contains the same private key, the one used to decrypt secure-sockets-layer 
communications sent by administrators who log into the devices. This allows attackers 
who may have compromised a host on the network to eavesdrop on sessions 
and retrieve user login credentials and other sensitive details. Plenty 
of small and home office routers also contain private SSL keys. What's 
different here is that RuggedCom devices, which are designed to 
withstand extreme dust, heat, and other harsh conditions, are connected 
to machinery that controls electrical substations, traffic control 
systems, and other critical infrastructure.
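The weakness described above (one private key baked into every unit of a firmware image, so that the key recovered from any one device decrypts or impersonates all of them) is detectable from the network side without touching the firmware: devices that share a private key present the same SubjectPublicKeyInfo in their management-interface certificates. The following Go program is an added example, not code from the article, RuggedCom, or Digital Bond. It constructs a hypothetical three-device fleet in memory (the device names sub-a, sub-b and sub-c are made up), gives two of the units one shared key to model embedded-key firmware, and audits the fleet by public-key fingerprint; the same audit applies to certificates collected from real devices.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// SPKIFingerprint returns the hex SHA-256 of the certificate's
// SubjectPublicKeyInfo. Two devices whose certificates were issued from the
// same private key necessarily share this value, whatever the subject says,
// so it is the right key for a "who shares a key with whom" audit.
func SPKIFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// FindSharedKeys groups device names by SPKI fingerprint and returns only the
// groups with more than one member. Each returned group is one key that is
// not unique to a single device: extracting it from any member exposes the
// management sessions of every member.
func FindSharedKeys(fleet map[string]*x509.Certificate) map[string][]string {
	byKey := map[string][]string{}
	for name, cert := range fleet {
		fp := SPKIFingerprint(cert)
		byKey[fp] = append(byKey[fp], name)
	}
	shared := map[string][]string{}
	for fp, names := range byKey {
		if len(names) > 1 {
			sort.Strings(names)
			shared[fp] = names
		}
	}
	return shared
}

// selfSigned builds a self-signed certificate for a device from the given
// key, which is how an embedded device usually presents its management UI.
func selfSigned(name string, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildSampleFleet constructs a hypothetical fleet for this example. "sub-a"
// and "sub-b" model firmware that ships one embedded key in every unit;
// "sub-c" models a device that generated its own key. Nothing here is taken
// from a real deployment.
func BuildSampleFleet() (map[string]*x509.Certificate, error) {
	embedded, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	unique, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	keys := map[string]*ecdsa.PrivateKey{"sub-a": embedded, "sub-b": embedded, "sub-c": unique}
	fleet := map[string]*x509.Certificate{}
	for name, key := range keys {
		cert, err := selfSigned(name, key)
		if err != nil {
			return nil, err
		}
		fleet[name] = cert
	}
	return fleet, nil
}

func main() {
	fleet, err := BuildSampleFleet()
	if err != nil {
		panic(err)
	}
	// Expected: exactly one group, containing sub-a and sub-b.
	for fp, names := range FindSharedKeys(fleet) {
		fmt.Printf("key %s... is shared by %v\n", fp[:16], names)
	}
}
```

Against a real fleet the certificates would come from a TLS handshake with each device's management port (the peer certificate from `tls.Dial`, with verification relaxed only for the purpose of collecting the leaf, since these devices are typically self-signed), and any group returned by FindSharedKeys marks units whose management traffic can be decrypted with a single key; the fingerprint is also what to compare against a vendor advisory once the affected key is published.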

"This is fairly typical in cheap consumer-grade embedded products, and 
has the unfortunate effect that easy Man-In-The-Middle attacks can be 
performed against products," K. Reid Wightman, an industrial control 
systems security expert for Digital Bond, wrote in a blog post published 
Wednesday. "For example, any compromised host on the switch management 
network can be used to spoof affected RuggedCom switches, meaning that 
the bad guy or gal could capture legitimate usernames and passwords for 
the switch."

[...]
Received on Thu Aug 23 2012 - 02:17:37 PDT