Posts Tagged ‘scada security’

Hacking Home Automation Systems Through Power Lines

Saturday, August 13th, 2011



 

X10-Jammer.png

Quoted from Hackaday.com

As home automation becomes more and more popular, hackers and security experts alike are turning their attention to these systems, to see just how (in)secure they are.

This week at DefCon, a pair of researchers demonstrated just how vulnerable home automation systems can be. Carrying out their research independently, [Kennedy] and [Rob Simon] came to the same conclusion – that manufacturers of this immature technology have barely spent any time or resources properly securing their wares.

The researchers built tools that focus on the X10 line of home automation products, but they also looked at ZWave, another commonly used protocol for home automation communications. They found that ZWare-based devices encrypted their conversations, but that the initial key exchange was done in the open, allowing any interested 3rd party to intercept the keys and decrypt the communications.

While you might initially assume that attacks are limited to the power lines within a single house, [Kennedy] says that the signals leak well beyond the confines of your home, and that he was able to intercept communications from 15 distinct systems in his neighborhood without leaving his house.

Can’t imagine how someone disturbing your private time while you’re enjoying your hot bath? think again. have a nice weekend.

Courtesy: Hackaday, Wired

Trucks and fuel storage tanks in depots are becoming targets for organised crime

Saturday, August 15th, 2009

trucks2.jpg

Viper Guard has called for urgent Government action to control rising oil prices and is warning of a new wave of fuel theft. The warning follows predictions that speculation in the oil market will soon see diesel prices back at last summer’s high of £1.25-£1.30 litre, when both trucks and fuel storage tanks in depots became high-value targets for organised crime.

But Viper Guard General Manager Debbie Jones said things could be worse this time round thanks to the recession.

“Hard times not only tempt people into crime but also put pressure on potential purchasers not too ask too many questions,” she said. “Obviously we would urge all operators to make sure they have adequate security measures in place this summer, but we want to see Government action too.

“The Government sowed the seeds of the problem itself when the Chancellor first put 2p on a litre to offset his 2.5% VAT cut last November and then went ahead with the further 2p increase in April. These increases need to be reversed urgently both to help hauliers through the recession and to head off the expected increase in fuel theft.”

She also urged the Government to control the activities of speculators in the City. “These gamblers are threatening the health of the entire road transport sector, with inevitable knock-on effects across the economy,” she said. “But after the Government bail-outs in the banking industry last year, many of the speculators are effectively state employees.

“The lesson of the credit crunch, surely, is that it’s enormously harmful to allow bankers to pursue their own narrow agenda at the expense of the wider public interest. Yet it seems the bankers have learnt nothing and are carrying on in the same old way. The Chancellor can and must rein them in before they do more damage.”

source: Surveillance News Portal

Things You Probably Wish You Don’t Know

Monday, May 19th, 2008

power lines

Historically, “sensitive” networks have traditionally enjoyed a sense of security due to their total, and complete separation from publicly accessible networks.

In fact, most of us old-school “security wonks” have always joked about the fact that the “…only real security is a pair of wire cutters…” to humorously illustrate the fact that nothing is really secure that is exposed to uncertainty, or untrusted access.

This has always been true in my personal background, having worked in U.S. Military COMSEC disciplines over many years. And given the fact that I have also worked in the Internet security arena for almost 20 years, I figure this gives me some unique insight into some of these issues.

The same security postures which can be applied to COMSEC can, and should, be true of SCADA (Supervisory Control And Data Acquisition) systems.

When you think “SCADA”, think power, water, etc. The systems that allow civilization to function.

First and foremost, these systems should never — never — be connected in any way, shape, or form to the public Internet. Not even as VPNs, or overlay networks. This is simply wrong-headed.

Unfortunately, some business decisions over the course of the past 15 years have allowed the “public” and “private” networks to become dangerously close in proximity, due to “cost savings” and “operational efficiency” business decisions — by companies that control the very systems which deliver these life-sustaining services to the world’s population.

It’s one thing to steal passwords, perpetrate fraud, and other financial theft-based cyber crimes — but it is ominously more dangerous to shut down the electricity to a complete region of a power grid.

If there is anyone out there who thinks that this is only the storyline of blockbuster movies, think again.

There are certainly forces “out there” who wish to wreak havoc, cause damage, and claim victory.

And they are using the exact same methods to infiltrate SCADA infrastructure that they are using to steal unwitting victim’s checking account information.

Source