These hackers just showed how easy it is to target critical infrastructure

“OPC UA is used as a connector between systems everywhere in the industrial world,” says Keuper. “It’s a central component of the typical industrial network, and we can usually bypass the authentication required to read or change anything. That’s why people found it most important and interesting. It only took two days to find it.”

The 2012 iPhone hack took three weeks of focused work. In contrast, the OPC UA hack was a side project, disrupted by the day jobs of Keuper and Alkemade. But the impact is huge.

There is a big difference between the results of hacking an iPhone and the results of breaking into critical-infrastructure software. An iPhone can be easily updated, and a new phone is always around the corner.

In contrast, in complex infrastructure, some systems can last for decades. Some known security flaws cannot be corrected at all. Operators often cannot update their technology for security improvements because taking the system offline is out of the question. It is not easy to turn a factory on and off like a light switch or a laptop.

“In industrial control systems, the field of play is completely different,” says Keuper. “You have to think differently about security. You need different solutions. We need game changers.”

Despite their success this week, Keuper and Alkemade are under no illusions that industrial safety issues will be resolved immediately. But it is a good start for both.

“I do research for the public good to help make the world a little safer,” says Alkemade. “That’s the decent thing to do, and it should end there.”

“Hopefully we’ve made the world a safer place,” says Keuper.
Meanwhile, the Pwn2Own contests, which paid out $2 million last year, continue. Next month, hackers will gather in Vancouver to celebrate the show’s 15th anniversary. One of the goals? A Tesla car.
