Daily Dot reporter Patrick Howell O’Neill offers a long and pretty frightening story about a study of industrial Ethernet switches that is set for release at this week’s Black Hat conference in Las Vegas. The study – which was conducted by a security researcher (who is an active member of the U.S. Air Force; the story doesn’t say if he is participating as a member of the military), IOActive, Siemens, General Electric, Opengear and Garrettcom – points to serious problems at many places where nobody wants there to be serious problems. Writes O’Neill:
The vulnerabilities on industrial switches covered in the new research include the widespread use of default passwords, hard-coded encryption keys, and a lack of proper authentication for firmware updates. These three fundamental failures of security combine to make it easier for attackers to gain access to industry devices and networks, change what they please, and take control.
The story also referred to backdoors into vital systems. The bottom line is clear: Network equipment must be intensely protected in general. It is particularly important to buy the right security hardware and software to keep industrial networks secure. In many cases, this means upgraded and customized versions of regular commercial gear. In others, it means specialized and unique network equipment.