Critical flaw found in industrial infrastructure control system

Sapo opens laboratory at the University of Aveiro

An American computer security expert revealed at the Defcon conference that terrorists and other criminals can exploit a flaw discovered in a software which controls oil refineries, factories and other infrastructure considered critical.

Ganesh Devarajan of TippingPoint indicates that the software concerned is used to manage and supervise SCADA systems – Supervisory Control And Data Acquisition -, which control important data associated with the operation of factories, such as gas emissions, water treatment or energy consumption. When monitored by third parties, the software can block, especially older versions, leading to uncontrolled industrial emissions.

Intrusions can be made by attacking the system’s sensors, through Internet connections that do not have encryption.

The investigator refused to identify the manufacturer of the software which he used to demonstrate the attacks but said that the case has already been reported to the company concerned so that it can correct the vulnerabilities.

According to Ganesh Devarajan, these types of failures are common in other systems, the exception being that a threat to SCADA can bring «frightening results» given the «importance they have for our daily lives», quotes the Associated Press.

Related News:

2006-08-07 – Investigator points to security breach in UK electronic passports