LAS VEGAS — The nation’s power grid, water treatment plants and even prison lock systems could be vulnerable to the Stuxnet computer worm, security experts warned this week at the Black Hat hacker conference here.
First detected last July, Stuxnet exploits previously unknown vulnerabilities in Microsoft Windows and industrial control systems from Siemens, CNN reports. The worm, which spread all over the Internet last year, is reported to have originally been created in an effort to sabotage Iran’s nuclear-enrichment operations.
During the conference, Tiffany Rad, a computer science professor, and her colleague Teague Newman, showed how the worm could be used to attack correctional facilities. By tapping into a little known electronic component in prisons, hackers can open all the doors that lock prisoners in their cells. It only took the duo two hours to figure out and exploit the worm, which attacks a Siemens programmable logic controller (PLC).
For its part, Siemens is working on a fix; however, Rad and Newman maintain that the defect is not entirely the company’s fault. The networking of prison security systems and the way employees use them also play a major role.
To combat the issue, experts suggest that security professionals take a step back from technology and review the design of real-world security systems. Additionally, they proposed that security professionals work harder to make computers more secure.
Source: CNN
