Energy and industrial plants are infected with flaws that make them vulnerable to devastating cyber-attacks, a security researcher has claimed.
Security researcher Dillon Beresford of NSS Labs demonstrated the vulnerabilities during the Black Hat security conference in Las Vegas.
The aim behind his presentation was to prove that any nation state or a group of people, with the required skills, were fully capable of hacking into programmable logic controllers (PLCs) which are used to automate critical components like turbines and valves.
The security researcher disclosed the vulnerability he found in PLCs made by equipment manufacturer Siemens.
“It is not only nation states that have this capability, it is now in the hands of researchers and will inevitably get into malicious hands. It could be some lone hacker. Most people with the time and resources could pull this off,” he claimed.
Siemens representative, who also took part in the presentation, revealed that the company was already working with researchers to plug the holes in its equipment. The Black Hat presentation was a wakeup call for nations and manufacturers to move swiftly and patch the holes before something bad happens.
Another researcher demonstrated how he managed to hack into a PLC by merely sending a text message.