After delay, hacker to show flaws in Siemens industrial gear

NSS Labs says it will disclose Siemens flaws at Black Hat, after holding back its research for security reasons

A security researcher who says he's found serious problems with Siemens computers used in power plants and heavy industry is now expecting to go public with his research at the Black Hat security conference in Las Vegas.

In May, NSS Labs Researcher Dillon Beresford pulled out of a Dallas hacking conference at the last minute when Siemens was unable to fix problems he'd found in the firmware of its S7 programmable logic controller. After consulting with Siemens and the U.S. Department of Homeland security, NSS decided that it was simply too dangerous to go public with its information before a patch could be fully developed. The systems Beresford had hacked are used to run power and chemical plants, some of which could be damaged if they were hit by a computer attack.

Now NSS Labs CEO Rick Moy says Beresford is rescheduled to deliver his talk at Black Hat, which runs Aug. 2-3.

Beresford has discovered six vulnerabilities in the S7 that "allow an attacker to have complete control of the device," Moy said. Devices like the S7 do things such as control how fast a turbine spins or open gates on dams.

The attack was developed on an S7-1200 system, but NSS believes other models of the S7 are also vulnerable.

For Beresford's attack to work, a hacker would have to first be on the same network as the Siemens system. Industrial systems like the S7 are often designed to run on "air-gapped" networks that are physically separated from the rest of the plant's computer systems. That would protect them from Beresford's attack, but security researchers have shown that it's often possible to reach these networks from the Internet. The Stuxnet worm, for example jumped across networks by infecting USB drives.

Breaking into some industrial networks would be even easier than that, according to Moy. "The dirty little secret about [such industrial] systems in general is that very few are properly air-gapped," he said.

NSS Labs expects Siemens to issue a patch in the next few weeks, well ahead of the August presentation. "They didn't give any firm timelines," he said. "They said unofficially that they were pretty confident that they'll be able to get their stuff out before then."

Siemens could not immediately be reached for comment.

However, in previous statements, the company has implied that the NSS attack might be hard to pull off in the real world. "While NSS Labs has demonstrated a high level of professional integrity by providing Siemens access to its data, these vulnerabilities were discovered while working under special laboratory conditions with unlimited access to protocols and controllers," Siemens said last month.

Beresford wasn't impressed with that comment. In a May interview, he called for Siemens to publish a security advisory on the bugs along with a timetable of when they will be fixed. "Now that they're trying to minimize the impact and do PR damage control, I feel that they're not servicing the public's interest," he said. "I'm not pleased with their response... They didn't provide enough information to the public."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Tags NSS LabssiemenssecurityManufacturingExploits / vulnerabilitiesindustry verticalsenergy

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?