INDUSTRIAL OPERATIONS such as power plants or oil refineries might be sabotaged by vulnerabilities in Siemens programmable logic controllers (PLCs), devices previously targeted by the Stuxnet worm in Iran.
In a report by the Associated Press, NSS Lab researchers claimed they had found multiple vulnerabilities in Siemens PLCs, which are used in industrial facilities and factories to control machinery, valves, pumps and other general purpose systems. These flaws could be used by hackers to cause serious damage to technological infrastructure.
NSS chief executive Rick Moy said, "This is a global problem. There are no fixes to this right now." He continued, "Bad guys would be able to cause real environmental and physical problems and possibly loss of life."
Siemens PLC devices were targeted by the Stuxnet worm, malware designed to reprogram them after using Windows PCs and USB sticks to propagate. Believed by some to be state-sponsored malware, Stuxnet was thought to have caused major damage to Iran's nuclear fuel refining efforts.
But while Stuxnet hit the operating system software, Moy claimed that PLCs might be reprogrammed directly if reached on the network.
NSS Labs' claims also back up a contention by F-Secure chief security researcher Mikko Hypponen that terrorists could use modified versions of Stuxnet for the their own ends, using vulnerabilities in PLCs to attack critical infrastructure such as power plants. µ
Being in a minority of one doesn't make you right
WeWork needs a rework
Because who wants any surprises
Viv-oh no they didn't