Software backdoor makes critical infrastructure vulnerable to attacks
Posted on 26 October 2012.
Ever since Stuxnet managed to disrupt the workings of the Natanz nuclear facility, the security of industrial control systems (ICS) has deservedly received a lot of attention. Many security researchers have begun analyzing the hardware and software employed in critical infrastructure installations, and have discovered a host of vulnerabilities.

The latest of these is an undocumented backdoor that ioActive researcher Reid Wightman discovered in CoDeSys, a piece of software that manages equipment in power plants, military and industrial establishments, and other similarly crucial environments.

The software is ubiquitous, as it is embedded in programmable logic controllers (PLCs) produced and sold by 261 different manufacturers, and allows potential attackers to compromise systems that are connected to the Internet by simply issuing commands through the command shell, without the need to authenticate themselves to it.

Wightman has tested two PLCs so far - one running Microsoft Windows CE on ARM chips, and the other running Linux on Intel-compatible ones - and found them both vulnerable.

He then searched for these devices via the Shodan search engine for finding devices exposed online, and discovered 117 devices connected to the Internet - a figure he suspects would be much higher if he did more refined searches.

According to ars technica, CoDeSys' designers - 3S-Smart Software Solutions - have released an advisory advising users to set a password.

But, Wightman notes, that does nothing to protect access to the backdoor shell.

Wightman's former colleagues at Digital Bond have tested "a handful" of the 261 vendor products, and are currently compiling a list of affected (and not) devices. So far, only one of the vendor's products has passed the test, and that's because the vendor discovered the flaw and fixed it.

As much as the patching and continuous updating of these small but critical devices is difficult, a solution will have to be found - sooner rather than later.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th