Backdoor in computer controls opens critical infrastructure to hackers


News
10-25-12, 03:10 PM
[Image: A screen from CoDeSys Visualization. Credit: 3S-Smart Software Solutions (http://www.3s-software.com/index.shtml?CoDeSys_Visu_en)]


Software used to manage equipment in power plants, military environments, and nautical ships contains an undocumented backdoor that could allow malicious hackers to access sensitive systems without authorization.

The CoDeSys software tool (http://www.3s-software.com/index.shtml?homepage), which is used in industrial control systems sold by 261 different manufacturers (http://3s-software.com/index.shtml?en_Company_ref), contains functionality that allows people to remotely issue powerful system commands, Reid Wightman, a researcher with security firm IOActive, told Ars. The CoDeSys tool will grant a command shell to anyone who knows the proper command syntax and inner workings, leaving systems that are connected to the public Internet open to malicious tampering.

"There is absolutely no authentication needed to perform this privileged command," Wightman said. "Imagine if your laptop had a service that accepted an unauthenticated 'shutdown' command, and if someone sent it your laptop [would] shut off and you [would lose] all your work. Anybody on the network could shut off your laptop without needing your password. That would suck. And that's the case here."

Read 5 remaining paragraphs (http://arstechnica.com/security/2012/10/backdoor-in-computer-controls-opens-critical-infrastructure-to-hackers/)


