/// Researchers Show How Easy a New Stuxnet-Like Attack Can Be

April 6, 2012  |  All Things Digital

One of the great residual concerns about the Stuxnet computer worm that attacked the Iranian nuclear program has been that study of its methods would lead to other attacks like it. For a while those fears were theoretical. If you could attack the industrial computers controlling nuclear centrifuges and physically destroy them, as Stuxnet did by manipulating the speed of the centrifuge rotors, you could in theory use the same approach against the industrial computers controlling critical infrastructure in the U.S. The only thing needed is knowledge of the vulnerabilities lurking in those systems. The bad news is that, as of yesterday, those vulnerabilities are no longer a theory. The good news is that the good guys found them first.

Yesterday, researchers for a volunteer program called Project Basecamp discovered three vulnerabilities in a common model of industrial computer known as a programmable logic controller (PLC). A PLC basically sits between a regular computer running Windows and a big piece of industrial equipment, say a pump, a generator or a nuclear centrifuge. PLCs belong to the larger family of industrial control systems, commonly lumped together under the name Supervisory Control And Data Acquisition (SCADA) systems. Security research into SCADA systems has increased dramatically since the revelation of the Stuxnet worm in 2010.

The work was done by researchers at Digital Bond, a security research firm specializing in SCADA systems. What they built is a software module called "modiconstux," which carries out a Stuxnet-like attack on a PLC called the Modicon Quantum, made by Schneider Electric. Borrowing techniques learned from the Stuxnet worm, modiconstux does two things. First, it downloads the current set of instructions the PLC is running, a program written in the form known as "ladder logic," giving the attacker the ability to understand what the PLC is doing day in and day out.
This is key: if you are going to hijack a PLC to make the machine it controls destroy itself, you first have to understand the process you are going to sabotage. The second thing modiconstux does is upload new ladder logic, replacing the program the PLC is running. The classic example I think of in explaining this comes from the first public demonstrations of Stuxnet carried out by researchers at Symantec. In that case, a Siemens PLC had been programmed to inflate a balloon by instructing a pump to send a certain amount of air to the balloon and then stop. After being hijacked by Stuxnet, the logic was changed in such a way that the pump didn't stop, and the balloon popped. Not very menacing, but if you use your imagination, you can see that popping balloon as a metaphor for a lot of very dangerous outcomes.
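To make the two steps concrete, here is a toy simulation of the balloon demo as a PLC would run it, scan cycle by scan cycle. This is an added example, not code from the article, from Symantec's demonstration or from Digital Bond's modiconstux. A timer rung and a pump-coil rung make up the "normal" program; the "sabotaged" program is the same logic with the timer interlock contact deleted, which is the kind of edit an attacker can make once the original logic has been downloaded and understood. The `program_hash` and `integrity_check` functions show the defensive counterpart a practitioner would want: read the resident program back and compare it with a baseline taken at commissioning. The JSON rung encoding, the tag names `START`, `PUMP` and `T1`, and the preset values are assumptions made for this example; real Modicon ladder logic is a binary format.

```python
"""Toy PLC scan-cycle simulator for the balloon demo.

Added example, not code from the article or from modiconstux. The rung
encoding, tag names and presets are assumptions made for illustration.
"""
import hashlib
import json

# Constructed programs. Rung 1: on-delay timer T1 accumulates while START is
# held. Rung 2: the PUMP coil is driven by START and interlocked by NOT T1.DN
# ("timer not yet done"), so the pump stops once T1 reaches its preset.
NORMAL_PROGRAM = [
    {"type": "TON", "name": "T1", "preset": 3, "contacts": ["START"]},
    {"type": "COIL", "output": "PUMP", "contacts": ["START", "NOT T1.DN"]},
]
# The attacker's upload: identical except the interlock contact is gone,
# so PUMP stays energized for as long as START is held.
SABOTAGED_PROGRAM = [
    {"type": "TON", "name": "T1", "preset": 3, "contacts": ["START"]},
    {"type": "COIL", "output": "PUMP", "contacts": ["START"]},
]


class Plc:
    """Minimal PLC: holds a program plus timer state, evaluates rungs in order."""

    def __init__(self, program):
        self.program = [dict(r) for r in program]
        self.timers = {}  # timer name -> accumulated scan count

    def load_program(self, program):
        """Model the attacker's upload step: overwrite the resident logic."""
        self.program = [dict(r) for r in program]
        self.timers = {}

    def _preset(self, name):
        return next(r["preset"] for r in self.program
                    if r["type"] == "TON" and r["name"] == name)

    def _contact(self, name, inputs):
        """Evaluate one contact: an input bit, a timer done bit, or NOT of either."""
        if name.startswith("NOT "):
            return not self._contact(name[4:], inputs)
        if name.endswith(".DN"):
            timer = name[:-3]
            return self.timers.get(timer, 0) >= self._preset(timer)
        return bool(inputs[name])

    def scan(self, inputs):
        """Run one scan cycle over the whole program and return the output coils."""
        outputs = {}
        for rung in self.program:
            energized = all(self._contact(c, inputs) for c in rung["contacts"])
            if rung["type"] == "TON":
                n = rung["name"]
                self.timers[n] = (min(self.timers.get(n, 0) + 1, rung["preset"])
                                  if energized else 0)
            elif rung["type"] == "COIL":
                outputs[rung["output"]] = energized
        return outputs


def run(program, scans=8):
    """Hold START for `scans` cycles and return the PUMP state for each cycle."""
    plc = Plc(program)
    return [plc.scan({"START": True})["PUMP"] for _ in range(scans)]


def program_hash(program):
    """Stable digest of a program; on a real PLC, hash the bytes read back."""
    return hashlib.sha256(json.dumps(program, sort_keys=True).encode()).hexdigest()


def integrity_check(plc, baseline_hash):
    """Download the resident program (the same read modiconstux performs,
    here used defensively) and compare it with the commissioning baseline."""
    return program_hash(plc.program) == baseline_hash


if __name__ == "__main__":
    print("normal   :", run(NORMAL_PROGRAM))     # pump stops once T1 is done
    print("sabotaged:", run(SABOTAGED_PROGRAM))  # pump never stops
    plc = Plc(NORMAL_PROGRAM)
    baseline = program_hash(NORMAL_PROGRAM)
    plc.load_program(SABOTAGED_PROGRAM)          # the attacker's upload
    print("integrity ok after upload?", integrity_check(plc, baseline))
```

The caveat for anyone turning `integrity_check` into a real control: the read-back travels over the same unauthenticated channel the attacker used for the upload, so a controller whose firmware has also been tampered with can lie about its program. The baseline should come from the engineering workstation's project file rather than from the PLC itself, and any program write the change-management process did not schedule should raise an alarm on its own, independent of what the PLC reports afterwards.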

