Older industrial technology may present security risks
Much has been said about the vulnerability of industrial control systems in recent months. This is a good thing because most people don’t spend a lot of time thinking about or worrying about these systems. Unfortunately, they are among the most vulnerable systems of all.
Industrial control systems haven’t really changed much over the past ten or twenty years. The protocols they use are quite rudimentary by today’s standards. It’s no surprise that they are a bit more vulnerable than more modern and robust systems.
Researchers at Forescout Labs and JFrog Security recently highlighted this fact by highlighting fourteen different security flaws found in protocols commonly used by industrial control systems.
They nicknamed the set of faults “Infra: Halt”. As the name suggests, these exploits can put an end to large swathes of the country’s infrastructure. This is if hackers use the exploits and most security experts agree that it is only a matter of time.
Forescout wrote extensively about each of the fourteen exploits in a recent blog post.
Daniel dos Santos (research manager at Forescout) said this about the risks:
“When you’re dealing with working technology, device and system crashes can have a variety of serious consequences. There are also possibilities for remote code execution in these vulnerabilities, which would allow an attacker to take control of a device, and not just crash it but cause it to behave in a way that it does not. ‘is not intended for or used to rotate within the network. “
This is indeed a serious threat. Fortunately, patches that correct many vulnerabilities are currently available.
If your business is in any way tied to the sale or maintenance of industrial control systems, researchers recommend immediate upgrades. Upgrades will fix currently known vulnerabilities to minimize risk.
Used with permission from Article Aggregator