Researcher Security Hole Found in US Power Plants, DHS is Investigating
Security researcher figure out seirous flaws in software for specialized networking equipment from Siemens could enable hackers to attack US power plants and other critical systems. A security expert said that he had found a backdoor in hardware from a Siemens subsidiary. The alleged flaw was made public by security researcher Justin W Clarke at a conference in Los Angeles. The equipment is widely used by power companies mainly based on US. Clarke said that the discovery of the flaw is disturbing because hackers who can spy on communications of infrastructure operators could gain credentials to access computer systems that control power plants and other critical systems. "If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you," Clarke said.
The Department of Homeland Security said it was in contact with the firm to assess the claim. After this issue came in-front, the US Govt immeditely taken stpes & investigating the whole scenario. RuggedCom, a Canadian subsidiary of Siemens that sells networking equipment for use in harsh environments such as areas with extreme weather, said it was investigating Clarke's findings, but declined to elaborate. This is the second bug that Clarke, a high school graduate who never attended college, has discovered in products from RuggedCom, which are widely used by power companies that rely on its equipment to support communications to remote power stations.
In May, RuggedCom released an update to its Rugged Operating System software after Clarke discovered that it had a previously undisclosed "back door" account that could give hackers remote access to the equipment with an easily obtained password. The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, which is known as ICS-CERT, said in its advisory on Tuesday that government analysts were working with RuggedCom and Clarke to figure out how to best mitigate any risks from the newly identified vulnerability. "According to this report, the vulnerability can be used to decrypt SSL traffic between an end-user and a RuggedCom network device," Read the full advisory.
This is not the first time, earlier in 2011 - researcher found vulnerability in the security system of US Power Grid, form which NSA suspected that hacktivist Anonymous may even shutdown the entire US Power Grid. later The White House introduced an Electric Sector Cybersecurity Risk Maturity Model. For these kind of cyber security updates & news, just stay tuned with VOGH.
-Source (Reuters & BBC)
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
Cyber Security
,
Hacker
,
security-news
,
vulnerablity