Critical Infrastructure, Even Prison Locks Could Be Hacker Targets

LAS VEGAS — The nation’s power grid, water treatment plants and even prison lock systems could be vulnerable to the Stuxnet computer worm, security experts warned this week at the Black Hat hacker conference here.

First detected last July, Stuxnet exploits previously unknown vulnerabilities in Microsoft Windows and industrial control systems from Siemens, CNN reports. The worm, which spread all over the Internet last year, is reported to have originally been created in an effort to sabotage Iran’s nuclear-enrichment operations.

During the conference, Tiffany Rad, a computer science professor, and her colleague Teague Newman, showed how the worm could be used to attack correctional facilities. By tapping into a little known electronic component in prisons, hackers can open all the doors that lock prisoners in their cells. It only took the duo two hours to figure out and exploit the worm, which attacks a Siemens programmable logic controller (PLC).

For its part, Siemens is working on a fix; however, Rad and Newman maintain that the defect is not entirely the company’s fault. The networking of prison security systems and the way employees use them also play a major role.

To combat the issue, experts suggest that security professionals take a step back from technology and review the design of real-world security systems. Additionally, they proposed that security professionals work harder to make computers more secure.

Source: CNN

 

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters