Hackers have the power to exploit a major vulnerability in the Industrial Ethernet Switches; a vulnerability that allows them to take over any Nuclear Power Plant and Hydroelectric Dam.
For those of you who still believe that hackers are only able to destroy websites, you are in for a wake-up call. In fact, new research has revealed some of the most unbelievable vulnerabilities in the Industrial Ethernet Switches (IES). This revealed vulnerability, allows a hacker to easily gain access into a Nuclear Power Plant or Hydroelectric Dam.
Just a few short weeks ago, security researchers uncovered the details of the vulnerabilities, and also presented the critical vulnerabilities in IES at the yearly BlackHat Cyber Security Conference in Las Vegas.
IES connects several devices inside of large power plants, hydroelectric dams, refineries, ports, factories as well as a few other industrial organizations. The IES is also responsible for the maintenance of the company’s internal network. With that in mind, the vulnerabilities that were found in IES will not only allow a cyber attacker gain access to the network, but will also allow them to gain full control over the respective plant/dam. If the vulnerabilities are revealed to the wrong person, the event could lead to fatal damages.
Although IES are not used inside of residential places, they are often used inside of larger scale operations. In fact, security researchers have proven that the hubs contain certain potential “pitfalls” that could ultimately result in catastrophic damages, if a large scale cyber attack did actually occur.
Some of the known security flaws in IES include a recurrent usage of default passwords, hard coded encryption keys, and a lack of the proper authentication that is needed for the firmware updates. The security researchers also claim that the combination of these three vulnerabilities form the basic fundamental failures of the security, thus ultimately making it rather easy and simple for hackers to gain access to their targeted system.
“Anything that the facility is capable of in its natural operating system, you’re [an attacker] capable of doing – and doing damage with if you control the network. With a power station, you can have major repercussions. With a hydroelectric dam, if you don’t monitor processes in a normal situation, it’ll spin out of control. Everything you have can be manipulated,” Robert Lee, a security researcher and an active-duty U.S. Air Force Cyber Warfare Operations Officer, told The Daily Dot in a interview
Another major security issue with IES, is that the hubs are also commonly used to connect the inner workings of the respective facility. As a result, all of the organizations that use the IES are susceptible to an attack.
However, the vulnerabilities are not the only things putting these organizations in danger; the ignorance and lack of attention, the outdated technology, and the old security practices are all a cause for concern.
Of course, it is possible that the careless operators do not regularly change their default password. In addition, it is also possible that the outdated technology does not possess the validation of authenticity that is required for the updates of major firmware.
Lee and Eireann Leverett, a risk researcher, are constantly working to address IES’s major security issues, and are even investigating alternative solutions in order to mitigate public fears.
Unless Lee and his team provide a lucrative solution, once hackers gain access to the organisation’s network, it becomes near impossible to save the respective organization.