The U.S. Cyber Consequences Unit (CCU), a nonprofit group that helps the U.S. government identify vulnerabilities for cyberattacks, has replicated the recent attack that sabotaged centrifuges used in Iran's nuclear program.
The attack, which used a Stuxnet worm, was originally believed to require military-grade technology and funding. Iran blamed the United States and Israel for the attack. However, CCU researchers were able to find more than a dozen vulnerabilities in the type of electronic controllers used in the Iranian centrifuges, and it took them just two months and $20,000 in equipment. The vulnerabilities, including weak password protection, allowed researchers to take control of the devices and reprogram them.
Siemens AG, which makes the controllers, says it has fixed some of the vulnerabilities and that they largely affect older models of controllers. However, the controllers are designed to last for decades, and the CCU and other security experts warn that, without the necessary updates, the U.S.'s critical infrastructure could be at risk. For example, a Virginia-based research team was able to find vulnerabilities at an unnamed correctional facility that would allow them to open and close doors, shut off alarms, and tamper with video surveillance.
From Associated Press
View Full Article
No entries found