Register for an account

X

Enter your name and email address below.

Your email address is used to log in and will not be shared or sold. Read our privacy policy.

X

Website access code

Enter your access code into the form field below.

If you are a Zinio, Nook, Kindle, Apple, or Google Play subscriber, you can enter your website access code to gain subscriber access. Your website access code is located in the upper right corner of the Table of Contents page of your digital edition.

Technology

Thousands of Infrastructure Computer Systems are Online, Unprotected

80beatsBy Veronique GreenwoodJanuary 27, 2012 3:04 AM

Newsletter

Sign up for our email newsletter for the latest science news

powerplant.jpg

We've written before about hapless business owners practically handing hackers customers' information by failing to observe basic computer security (Subway, we're looking at you

). But this is a security fail on a whole different level. A researcher has just revealed that about ten thousand systems controlling water plants, sewage plants, and other infrastructure are online, mostly unprotected and findable with a simple search. Manufacturers of such industrial control systems, which can be used to direct everything from a high school's lighting to power plants, have taken comfort in the fact that they aren't supposed to be connected to the web, and thus protecting them from hackers isn't necessary, said Eireann Leverett, the computer science grad student who presented these findings at the S4 conference

(we learned of them from Kim Zetter at Wired's Threat Level

). But for whatever reason, in many cases the computers running the control software are in fact networked. Using a search that lets you identify Internet-connected devices, previous researchers have shown that you can find such computers, which is worrisome enough. But this single grad student, working full time for three months and part time for three months, built a tool that finds such systems, identifies their security vulnerabilities, and places them on a map. “[If] a student can put this together, surely a nation state can do it,” he said to the audience. It's not clear how many of the systems control things as critical as water or power. But the fact that so many of them are accessible at all is unsettling. The Stuxnet virus, which destroyed centrifuges in Iran's nuclear program, worked by messing with just this sort of control system. [via Threat Level

]

Image courtesy of boegh / flickr

2 Free Articles Left

Want it all? Get unlimited access when you subscribe.

Subscribe

Already a subscriber? Register or Log In

Want unlimited access?

Subscribe today and save 70%

Subscribe

Already a subscriber? Register or Log In