Vulnerability in Siemens Switches allows hackers to gain admin access

A security researcher has discovered two potential vulnerabilities in Siemens Ethernet switches that allow a remote attacker to perform administrative operations.

The vulnerabilities were discovered by Eireann Leverett, senior security consultant for IOActive, and have been reported to Siemens.

The first vulnerability (CVE-2013-5944) could allow hackers to perform administrative operations over the network without authentication.

The second vulnerability (CVE-2013-5709) could allow hackers to hijack web sessions over the network without authentication. This is due to insufficient entropy in the switch's random number generator.

Siemens produced a patch within 3 months. Customers of Siemens are advised to apply the SCALANCE X-200 firmware update.

Eireann is scheduled to demonstrate the vulnerabilities at next week's S4 SCADA security conference in Miami and to release proof-of-concept code so that organizations can check their own devices.

Vulnerability lets Hacker access Building Control System of Google's Australian office


Earlier this year, security researchers Billy Rios and Terry McCorkle from Cylance demonstrated a newly discovered zero-day attack on an industrial control system at the Kaspersky Threatpost Security Analyst Summit.

An industrial control system is a computer-based system used to control electronic door locks, lighting systems, elevators, video surveillance cameras, electricity and boiler systems via the internet. Such systems are used by the military, hospitals and others.

The researchers noted that a security flaw in the Tridium Niagara AX Framework allows a hacker to access a sensitive file on the system, the "config.bog" file, which contains the usernames and passwords for all devices.

Their research reveals that the Internet giant Google, which uses Tridium Niagara for various Building Management Systems in its Google Wharf 7 building, is also affected by this zero-day vulnerability.

Although Tridium has released a patch for the system, Google failed to apply it, which allowed the researchers to access the config.bog file of the Tridium device used by Google.

The credentials stored in the config.bog file allowed them to get into the admin panel of the device. The panel gave access to a variety of Building Management features including "Active Alarms", "Active overrides" and "Alarm console".

Researchers reported this issue to the Google Vulnerability Rewards Program (VRP).

The researchers stated that more than 25,000 buildings using the Tridium Niagara AX system that have not patched the security hole are vulnerable to hacking.

"If Google can fall victim to an ICS attack, anyone can," the researchers noted.

Hackers breached Industrial heating system using backdoor


Earlier this year, hackers breached the Industrial Control System (ICS) network of a New Jersey air conditioning company by exploiting a backdoor vulnerability in the system, according to an FBI memo (info.publicintelligence.net/FBI-AntisecICS.pdf).

The hackers first breached the company's ICS network by exploiting vulnerabilities in the Tridium Niagara ICS system, which allowed access to the main control mechanism for the company's internal heating, ventilation, and air conditioning (HVAC) units.

According to the memo, the security breach occurred in February and March 2012, a few weeks after @ntisec posted a tweet indicating that hackers were targeting SCADA and that something had to be done to address SCADA vulnerabilities.

The company used the Niagara system not only for its own HVAC system, but also installed it for customers, which included banking institutions and other commercial entities.

Although the controller for the system was password protected in general, the backdoor through the IP address apparently required no password and allowed direct access to the control system. The link posted by the hacktivist provided the same level of access to the company's control system as the password-protected administrator login.

The logs from the controller showed that hackers had gained access to the system from multiple unauthorized international and US-based IP addresses.

Hackers hack into the Control System of US water utility and destroy pump

Hackers hacked into the control system of a US city water utility and destroyed a pump. According to a report by Joe Weiss, a managing partner for Applied Control Solutions, hackers broke into the maker of the Supervisory Control and Data Acquisition (SCADA) software used by the utility and stole customers' user IDs and passwords. The intruders launched the attack using a Russian-based IP address.

The hackers were discovered on Nov. 8 when a water district employee noticed problems in the city’s Supervisory Control and Data Acquisition System (SCADA). The system kept turning on and off, resulting in the burnout of a water pump.

Forensic evidence indicates that the hackers may have been in the system as early as September, according to the “Public Water District Cyber Intrusion” report, released by the Illinois Statewide Terrorism and Intelligence Center on November 10.

The theft of credentials raises the possibility that other customers using the vendor’s SCADA system may be targeted as well.


Hackers can exploit Vulnerability in ICS and open the Prison door


Computerized U.S. prisons have a critical vulnerability: a hacker can successfully break into the system and remotely open cell doors.

A hacker can also shut down all internal communications through the prison intercom system and crash the facility's closed-circuit television system, blanking out all the monitors.

“You could open every cell door, and the system would be telling the control room they are all closed,” said John J. Strauchs, a former CIA operations officer who helped develop a cyber-attack on a simulated prison computer system and described it at a hackers’ convention in Miami recently.

The security systems in most American prisons are run by special computer equipment called industrial control systems, or ICS. They are also used to control power plants, water treatment facilities and other critical national infrastructure. ICS has increasingly been targeted by hackers because an attack on one such system successfully sabotaged Iran’s nuclear program in 2009.

A hacker could exploit this vulnerability by overloading the electrical system that controls the prison doors, locking them permanently open.

“We validated the researchers’ initial assertion … that they could remotely reprogram and manipulate” the special software controllers that run the systems, Sean P. McGurk, a former Department of Homeland Security cybersecurity director, told The Washington Times.

Teague Newman, another member of their team, said ICS systems are not supposed to be connected to the Internet.

“But in our experience, there were often connections” to other networks or devices, which were in turn connected to the Internet, making them potentially accessible to hackers, he said.

Internet access is turned on so that remote maintenance of the kit can be carried out without the need for contractors to visit the jail. In some cases, networks used to enable prison staff to access the net were poorly segmented from SCADA control systems.

Using a USB drive, an attacker can infect the system with malware such as Stuxnet or Duqu. A targeted malware-infected email might also be used to introduce a SCADA worm into a prison environment.