Articles about industrial control

milk production line. Photo by SHutterstock

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

BSides London Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. A presentation at last week's BSides London conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop …
John Leyden, 18 Jun 2018
Ladders

Researchers offer simple scheme to stop the next Stuxnet

One of the world's oldest programming styles, the ladder logic that runs on industrial programmable logic controllers, remains dangerously vulnerable to attack, according to boffins from Singapore and India. The researchers – Naman Govil of the International Institute of Information Technology, Hyderabad; and Anand Agrawal and …
Prince philip Thames barrier old control room photo Environment Agency

Definitely not another Stuxnet, researchers claim as they demo industrial control rootkit

Black Hat EU Security researchers have come up with another way to hack Programmable Logic Controllers (PLCs) at industrial plants. Ali Abbasi, a PhD student at the University of Twente, and Majid Hashemi, a research engineer at Quarkslab, have developed an attack that involves tweaking the PIN configuration of a system chip in order to …
John Leyden, 8 Nov 2016
Robot looks into magnifying glass, human eye displayed. Photo by Shutterstock

Freeze ...SCADA! Flaw lets hackers peel away Human Machine Interface

Security researchers have discovered another serious vulnerability in industrial control kit from Schneider Electric. System crashing flaws in the physical HMI (Human Machine Interface) hardware, dubbed PanelShock by security researchers, follow days after the earlier disclosure of security vulnerabilities in Schneider …
John Leyden, 1 Nov 2016
Worker welds at manufacturing plant. Phto by Shutterstock

Industrial control kit hackable, warn researchers

Multiple vulnerabilities in MOXA ioLogik controllers placed industrial facilities at risk if they do not apply patches. Applied Risk said it had found multiple vulnerabilities in the MOXA E1242 Ethernet remote I/O series, a widely used range of kit used in industrial facilities such as utilities and manufacturing plants. Code …
John Leyden, 4 Oct 2016
Welders wearing protective clothing fixing welding and grinding industrial construction oil and gas or water and sewerage plumbing pipeline outside on site. Photo by Andrea Slatter/Shutterstock

Cisco security crew uncovers bug in industrial control kit

Cisco has uncovered a potentially serious bug in widely used industrial control system kit. The vulnerability in Allen-Bradley Rockwell Automation MicroLogix1400 Programmable Logic Controllers (PLCs) arose from the presence of an undocumented Simple Network Management Protocol (SNMP) community string. The flaw might be …
John Leyden, 15 Aug 2016

SCADA malware caught infecting European energy company

Security researchers have identified a strain of malware that has already infected at least one European energy company. The malware, dubbed SFG, is related to an earlier sample called Furtim, that created a backdoor on targeted industrial control systems. This backdoor might be used to deliver a payload which could be used to …
John Leyden, 12 Jul 2016
Siemens GSM-R train cab radio. Pic: Joshua Brown

UK rail comms are safer than mobes – for now – say infosec bods

Analysis Last week's warning that Britain's railway systems could be susceptible to hacking has triggered a debate among security experts. Prof David Stupples of City University London made headlines last week with a warning that plans to replace the existing (aging) signalling system with the new European Rail Traffic Management …
John Leyden, 30 Apr 2015

Attackers fling Stuxnet-style RATs at critical control software in EUROPE

Security researchers have uncovered a series of Trojan-based attacks which have infiltrated several targets by infecting industrial control system software from the makers of SCADA and ICS systems. The majority of the victims are located in Europe, though at the time of writing at least one US firm's compromised gear appears …
John Leyden, 26 Jun 2014

Schneider Electric asks users to patch Heartbleed again

Industrial controller vendor Schneider Electric has found that while its own kit wasn't affected by the Heartbleed OpenSSL bug, there are some third party components that need work. In an advisory published here (PDF), the company says a third-party software component, Tableau from Wonderware, could re-introduce a Heartbleed …
The Register breaking news

Feds slam hacker-friendly backdoors in jalopy, grub factories

Security researchers have uncovered hard-coded user accounts that could act as backdoors into food, car, and agricultural production systems across the world. The flaw, which allows attackers to launch remote exploits, was found in a pair of industrial control devices. The security hole was found in the BL20 and BL67 …
John Leyden, 24 May 2013
The Register breaking news

Exploit broker releases EXPLICIT VIDS of holes in industrial control kit

Malta-based security start-up ReVuln claims to have uncovered a raft of vulnerabilities in industrial control kit from many leading manufacturers. ReVuln released a video depicting zero-day exploits against SCADA* equipment from Siemens, General Electric, Schneider Electric, ABB/Rockwell and others. The unpatched flaws are all …
John Leyden, 23 Nov 2012
The Register breaking news

RuggedCom will block industrial control backdoor

A year after it was first discovered, a backdoor in industrial networking kit from Canadian RuggedCom is to be fixed – sometime soon. The company, a Siemens subsidiary via acquisition in March, has announced that it will release new firmware disabling backdoor access to devices running its ROS operating systems. These include …
The Register breaking news

Missing piece completes Stuxnet jigsaw

Security researchers have found an important missing piece in the Stuxnet jigsaw that provides evidence that the malware was targeted at the types of control systems more commonly found in nuclear plants and other specialised operations than in mainstream factory controls. It was already known that the highly sophisticated …
John Leyden, 15 Nov 2010
The Register breaking news

Stuxnet 'a game changer for malware defence'

The Stuxnet malware is a game changer for critical information infrastructure protection, an EU security agency has warned. ENISA (European Network and Information Security Agency) warns that a similar attack of malware capable of sabotaging industrial control systems as Stuxnet may occur in future. The worm, whose primary …
John Leyden, 9 Oct 2010

Create a news alert about industrial control, or find more stories about industrial control.

Biting the hand that feeds IT © 1998–2018