Photo via Flickr (ewar woowar)
LAS VEGAS — The nation's power grid, water treatment plants and even prison lock systems could be vulnerable to the Stuxnet computer worm, security experts warned this week at the Black Hat hacker conference here.
First detected last July, Stuxnet exploits previously unknown vulnerabilities in Microsoft Windows and industrial control systems from Siemens, CNN reports. The worm, which spread all over the Internet last year, is reported to have originally been created in an effort to sabotage Iran's nuclear-enrichment operations.
During the conference, Tiffany Rad, a computer science professor, and her colleague Teague Newman, showed how the worm could be used to attack correctional facilities. By tapping into a little known electronic component in prisons, hackers can open all the doors that lock prisoners in their cells. It only took the duo two hours to figure out and exploit the worm, which attacks a Siemens programmable logic controller (PLC).
For its part, Siemens is working on a fix; however, Rad and Newman maintain that the defect is not entirely the company's fault. The networking of prison security systems and the way employees use them also play a major role.
To combat the issue, experts suggest that security professionals take a step back from technology and review the design of real-world security systems. Additionally, they proposed that security professionals work harder to make computers more secure.
Source: CNN
Other Recent News
May 21, 2012
The Hard Rock Hotel and Casino Albuquerque has selected Surveillance Systems Integration (SSI) to migrate the hotel’s analog security system to IP video.
May 16, 2012
SafeMart Home Security, based here, will extend its service capabilities with the addition of Verizon Wireless as a network service provider for its wireless home security systems.
May 11, 2012
The Security Industry Association (SIA) has tapped New York Times best-selling author Brad Thor to serve as keynote speaker during its 2012 Government Summit, scheduled for June 19-20 in Washington.
May 11, 2012
In an effort to enhance communication with customers, partners, prospects and industry experts, Datacard Group, a secure ID and card personalization solutions provider, has launched a new corporate blog.
May 8, 2012
Welcome back to SECURITY SALES & INTEGRATION's "Security Speaking" podcast! Here, Editor-in-Chief Scott Goldfine talks to Deborah Hansen, false alarm reduction coordinator for the city of Naperville (Ill.) Police Department at the False Alarm Reduction Association (FARA) Symposium in Albuquerque, N.M.