Keuper and Alkemade-competing under their company name, Computest-successfully bypassed the trusted-application check. Think of it as the lingua franca that different parts of a critical-operations system use to talk to each other in industrial settings. The indisputable highlight of the show belonged to Keuper and Alkemade, who targeted a communications protocol called OPC UA. There is a lot more out there than what people are reporting right now.” “It just shows there is a real depth of bugs to be mined. “I’m surprised to see so many unique bugs on the Iconics Genesis64,” says Childs. The teams that took on the challenge won a total of $75,000. In Miami, the Iconics Genesis64 was hacked at least six times to give attackers full control. That clever extra bit of sabotage multiplied the success of the operation. Hackers believed to be working for the United States and Israel sabotaged the programmable logic controllers inside the gas centrifuges used to separate nuclear materials, but they also told the machines to tell the Iranian operators that everything was going well. We know this is a real threat because a decade ago, a landmark hacking campaign known as Stuxnet targeted the Iranian nuclear program. One notable target at this year’s show was the Iconics Genesis64, a human-machine interface tool that hackers can break into to bring down critical targets while fooling the human operators into thinking nothing is wrong. “There is still a lot of work to be done.” Looking for the big one “A lot of the bugs we’re seeing in the industrial control systems world are similar to bugs we saw in the enterprise software world 10 to 15 years ago,” says Dustin Childs, who ran the show this year.
But it’s also a sign that critical-infrastructure security has a long way to go. That is what the sponsors pay for, after all-hackers who succeed will share all the details so the flaw can be fixed. Nearly every piece of software offered up as a target fell to the hackers. This week in Miami, the targets were all industrial control systems that run critical facilities. Last week, one group of Russian hackers was caught trying to bring down the Ukrainian power grid, and another hacking group was caught aiming to disrupt critical industrial systems.Īt Pwn2Own, the stakes are a little bit lower, but the systems are the same as what you’ll find in the real world. At the exact same time that I was watching the pair on stage in Miami targeting a small arsenal of critical industrial software, the United States and its allies issued a warning about the elevated threat of Russian hackers’ going after infrastructure such as the electric grid, nuclear reactors, water systems, and more.
0 kommentar(er)
