A US government agency is investigating claims of a software flaw in industrial networking equipment made by a Siemens subsidiary that could allow hackers to decrypt SSL traffic between end users and network devices.
The flaw could enable cyberterrorists to obtain necessary credentials and sabotage critical infrastructure, such as power plants, energy grids and water mains.
At a conference in Los Angeles on Friday, security expert Justin Clarke said he had found a software flaw in Siemens equipment that could allow hackers to monitor network traffic. According to Reuters, the flaw lies in devices produced by Canada's RuggedCom, a Siemens subsidiary specialising in networking gear for extreme environments.
On Tuesday, the US Department of Homeland Security asked RuggedCom to investigate Clarke’s claims and find a solution to the issue. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has been called in to help with the analysis.
All devices running RuggedCom’s operating system use a single hard-coded software key to encrypt communications. Once that key has been “cracked”, it is possible to spy on traffic and obtain credentials needed to issue commands. Clarke says he successfully extracted the key from a piece of equipment he bought on eBay, using nothing but computers in his bedroom.
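A defender-side check that follows from this, added here as an example and not part of the original article or of ICS-CERT's guidance: collect the certificate each device presents on its management interface (for instance with `openssl s_client`) and flag any certificate shared by more than one device, since one key shared across a fleet is exactly the condition that lets a single extraction decrypt traffic to every device. The device names and certificate bodies below are constructed stand-ins, not real X.509 data.

```python
import base64
import hashlib
import ssl
from collections import defaultdict


def fingerprint(pem_cert: str) -> str:
    """SHA-256 fingerprint of the certificate's DER encoding, the same value
    that `openssl x509 -fingerprint -sha256` prints."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    return hashlib.sha256(der).hexdigest()


def find_shared_certs(device_certs: dict) -> dict:
    """Group devices by certificate fingerprint and return only the groups in
    which more than one device presents the same certificate. Every device in
    such a group holds the same private key, so extracting it from one unit
    (say, one bought second-hand) exposes the traffic of all of them."""
    by_fp = defaultdict(list)
    for device, pem in device_certs.items():
        by_fp[fingerprint(pem)].append(device)
    return {fp: sorted(devs) for fp, devs in by_fp.items() if len(devs) > 1}


def _constructed_pem(blob: bytes) -> str:
    """Wrap arbitrary bytes as a PEM block. Constructed for this example: the
    bodies are stand-ins for what a device's HTTPS port would present."""
    body = base64.encodebytes(blob).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


# Constructed inventory: three switches still present the factory certificate,
# one has been re-keyed with a device-specific certificate.
FACTORY_CERT = _constructed_pem(b"factory-default-certificate-shared-fleet-wide")
DEVICE_CERTS = {
    "switch-substation-01": FACTORY_CERT,
    "switch-substation-02": FACTORY_CERT,
    "switch-plant-03": FACTORY_CERT,
    "switch-plant-04": _constructed_pem(b"unique-certificate-generated-on-plant-04"),
}

if __name__ == "__main__":
    for fp, devices in find_shared_certs(DEVICE_CERTS).items():
        print(f"certificate {fp[:16]}... shared by {len(devices)} devices: "
              f"{', '.join(devices)}")
```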
Again, this bears some resemblance to the default passwords that Stuxnet used to infiltrate Iranian systems, which were the same across all Siemens programmable logic controllers.
This discovery is especially worrying since, according to Clarke, the vulnerability could be used to gain access to systems controlling critical national infrastructure.
ICS-CERT has recommended that users of RuggedCom equipment take defensive measures to reduce the risk of exploitation of these vulnerabilities, such as minimising network exposure for all control system devices, isolating them from business networks and using firewalls at all times.
“Organizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents,” concluded an alert issued to infrastructure owners and operators.
Earlier this year, Clarke discovered another flaw in RuggedCom products that could give hackers using a “back door” account full control of equipment running the company’s proprietary operating system.
Hi,
The send to email function on this web page is broken!
Have tried to use the email send tool on this web page twice - both times the wrong article was sent.