arstechnica:
Defects leave critical military, industrial infrastructure open to hacks
iTunes has "more robust" security than some of our critical infrastructure.
by Dan Goodin - July 13 2012, 12:43pm EDT
An architectural diagram touting a security feature of Tridium's Niagara FrameworkSecurity researchers have blown the whistle on serious vulnerabilities in an Internet-connected system used by the US military, hospitals, and private industry to control boilers, air-conditioners, security alarms, and other critical industrial equipment.
The defects in the Niagara Framework, which links more than 11 million devices in 52 countries, could allow malicious hackers to seize control of critical infrastructure, an article published by The Washington Post warned. The vulnerabilities were unearthed by Billy Rios and Terry McCorkle, two researchers who have spent the past 18 months exposing security holes in a variety of ICS, or industrial control systems.
"The ICS software community is light years behind modern software security," Rios wrote in a blog post recounting his odyssey in getting Niagara officials to publicly acknowledge the vulnerabilities after he and McCorkle reported them. "Sadly, we can honestly say that the security of iTunes is more robust than most ICS software." [Read more]
posted by: gqjournal
Comments