After delay, hacker to show flaws in Siemens industrial gear

NSS Labs says it will disclose Siemens flaws at Black Hat, after holding back its research for security reasons

A security researcher who says he's found serious problems with Siemens computers used in power plants and heavy industry is now expecting to go public with his research at the Black Hat security conference in Las Vegas.

In May, NSS Labs Researcher Dillon Beresford pulled out of a Dallas hacking conference at the last minute when Siemens was unable to fix problems he'd found in the firmware of its S7 programmable logic controller. After consulting with Siemens and the U.S. Department of Homeland security, NSS decided that it was simply too dangerous to go public with its information before a patch could be fully developed. The systems Beresford had hacked are used to run power and chemical plants, some of which could be damaged if they were hit by a computer attack.

Now NSS Labs CEO Rick Moy says Beresford is rescheduled to deliver his talk at Black Hat, which runs Aug. 2-3.

Beresford has discovered six vulnerabilities in the S7 that "allow an attacker to have complete control of the device," Moy said. Devices like the S7 do things such as control how fast a turbine spins or open gates on dams.

The attack was developed on an S7-1200 system, but NSS believes other models of the S7 are also vulnerable.

For Beresford's attack to work, a hacker would have to first be on the same network as the Siemens system. Industrial systems like the S7 are often designed to run on "air-gapped" networks that are physically separated from the rest of the plant's computer systems. That would protect them from Beresford's attack, but security researchers have shown that it's often possible to reach these networks from the Internet. The Stuxnet worm, for example jumped across networks by infecting USB drives.

Breaking into some industrial networks would be even easier than that, according to Moy. "The dirty little secret about [such industrial] systems in general is that very few are properly air-gapped," he said.

NSS Labs expects Siemens to issue a patch in the next few weeks, well ahead of the August presentation. "They didn't give any firm timelines," he said. "They said unofficially that they were pretty confident that they'll be able to get their stuff out before then."

Siemens could not immediately be reached for comment.

However, in previous statements, the company has implied that the NSS attack might be hard to pull off in the real world. "While NSS Labs has demonstrated a high level of professional integrity by providing Siemens access to its data, these vulnerabilities were discovered while working under special laboratory conditions with unlimited access to protocols and controllers," Siemens said last month.

Beresford wasn't impressed with that comment. In a May interview, he called for Siemens to publish a security advisory on the bugs along with a timetable of when they will be fixed. "Now that they're trying to minimize the impact and do PR damage control, I feel that they're not servicing the public's interest," he said. "I'm not pleased with their response... They didn't provide enough information to the public."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags siemensNSS LabssecurityManufacturingenergyindustry verticalsExploits / vulnerabilities

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?