Own your local SCADA!
Doing penetration tests can bring sometimes surprising results. But doing penetration tests on critical targets should not bring any surprising results. As Forbes few days ago informed, Scott Lunsford was offered to penetrate into nuclear power station.
As owner of the plant claimed, critical components could not ne accessed from the Internet.”It turned out to be one of the easiest penetration tests I’d ever done,” Lunsford said.
He added: “By the first day, we had penetrated the network. Within a week, we were controlling a nuclear power plant.” System was powered by SCADA software. Ganesh Devarajan from Tipping Point presented at DefCon his security research on SCADA systems and possibilities to find vulnerabilities inside. No doubt this system is vulnerable, because it is not publicly available, so there is no pressure from users to fix possible vulnerabilities.
Source and more info: zone-h