Spookiest Security Article I've read this year.

Report on complete lack of security in production automation.

         

grelmar

10:03 pm on Oct 19, 2004 (gmt 0)




Ok, you know it's a slow day when I start poking around the security websites looking for ways to scare myself.

Shifting cyber threats menace factory floors [securityfocus.com]

he was dismayed to witness the program handshaking with the device by sending it a single UDP packet, with six plaintext ASCII characters as the data field. That's how Cupps learned that the secret password to take control over much of the hardware on the factory's assembly line was a hardcoded "hihihi."

Summary: Thanks to standards put in place before centralized Ethernet controls of automation, there is essentially no security on automated equipment in factories. Given that the security (or lack thereof) is governed by hardcoded PLCs, and that factory equipment lasts for 20-30 years, this isn't going to change for a while. And it's only a matter of time before the hackers figure it out.
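Added example, not part of the thread or the linked article: a defender reviewing traffic captured on their own control network can look for the pattern quoted above, a service whose opening UDP datagram is the same short printable-ASCII string in every session. The addresses, ports, thresholds and function names below are constructed for illustration; only the "hihihi" string comes from the quoted passage.

```python
from collections import defaultdict

# Constructed sample: (source IP, destination IP, destination UDP port, payload)
# for the first datagram of each session. All addresses and ports are made up.
SAMPLE_FIRST_DATAGRAMS = [
    ("10.0.5.11", "10.0.9.20", 4000, b"hihihi"),
    ("10.0.5.12", "10.0.9.20", 4000, b"hihihi"),
    ("10.0.5.11", "10.0.9.20", 4000, b"hihihi"),
    ("10.0.5.30", "10.0.9.40", 5000, bytes.fromhex("8f1c02a97be4")),
    ("10.0.5.31", "10.0.9.40", 5000, bytes.fromhex("03d977aa10c5")),
    ("10.0.5.40", "10.0.9.50", 6000, b"status"),  # one session: too little evidence
]


def is_printable_ascii(data):
    """True if every byte is a printable ASCII character (space through tilde)."""
    return len(data) > 0 and all(0x20 <= b <= 0x7E for b in data)


def find_static_plaintext_handshakes(datagrams, max_len=16, min_sessions=2):
    """Flag services whose opening datagram is one fixed short ASCII string."""
    openers = defaultdict(list)  # (dst_ip, dst_port) -> [(src_ip, payload), ...]
    for src, dst, port, payload in datagrams:
        openers[(dst, port)].append((src, payload))

    findings = []
    for (dst, port), seen in sorted(openers.items()):
        payloads = {p for _, p in seen}
        if len(seen) < min_sessions or len(payloads) != 1:
            continue  # not enough sessions, or the opener varies per session
        payload = payloads.pop()
        if len(payload) <= max_len and is_printable_ascii(payload):
            findings.append({
                "service": f"{dst}:{port}/udp",
                "token_length": len(payload),  # report the length, not the secret
                "sessions": len(seen),
                "clients": sorted({s for s, _ in seen}),
            })
    return findings


if __name__ == "__main__":
    for finding in find_static_plaintext_handshakes(SAMPLE_FIRST_DATAGRAMS):
        print(finding)
```
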

grandpa

12:14 am on Oct 20, 2004 (gmt 0)




At issue were the Programmable Logic Controllers ... They're essentially discrete computers wired into the machinery

The article really reads like security was considered only at the level of the Least Common Denominator. It's easy to understand why, if a system is closed and you want Bubba the Machine Operator to work, not to type. It makes me wonder just how much other computerized equipment got the same consideration.