
Rail Networks Vulnerable due to "Derailed" SCADA Security

Liviu ARSENE

January 04, 2016


Rail network SCADA systems have been deemed vulnerable by Russian hackers, who published hardcoded industrial control system credentials.

Although the bugs found were not described in detail, Sergey Gordeychik, Aleksandr Timorin, and Gleb Gritsai say they involve vulnerabilities in entertainment systems, collision-avoiding interlocking platforms and mobile communication.

“If somebody can attack the modem, the modem can attack the automatic train control system, and they can control the train,” said Gordeychik. “A lot of devices work on the same channel: like engineering equipment and user systems,” Timorin added.

The use of old and outdated operating systems coupled with internet connectivity to automate and offer newer functionalities has opened up vulnerabilities that can be easily exploited, according to the hacker trio.

The team found several code vulnerabilities and authentication issues that could let someone cause serious damage. In an attempt to help fix the vulnerabilities they found and push vendors into releasing patches and fixes, they published a list of hard-coded passwords to some of the systems they’ve investigated.

“We are releasing the list to force vendors to not use hardcoded and default passwords,” said Gordeychik. “The first threat is to safety, or cyber-physical – the second is economic threats to impact efficiency and revenue, and the third is threats to reliability.”

While some operators have already begun fixing some of the reported issues, the hacker team is confident that the seriousness of their findings, along with publicly sharing hardcoded passwords, will spur new security updates and procedures aimed at protecting rail networks.
