If you look after the Large Hadron Collider you should read this…

Graham Cluley


A Russian security researcher has uncovered security vulnerabilities that could allow a malicious attacker to conduct man-in-the-middle attacks, denial‑of‑service attacks, and possibly authenticate themselves as valid users.

So far, so much par for the course.

But what makes this vulnerability disclosure by Ilya Karpov of Positive Technologies particularly noteworthy, as The Register reports, is that the vulnerabilities were found in Siemens SIMATIC HMI devices used to control critical systems at petrochemical facilities, power plants and even the Large Hadron Collider.

Yes, you can imagine how that could cause problems…


One of the vulnerabilities, as described in ICS-CERT’s advisory, means that a hacker might only need a hash of the system’s password – rather than the password itself – to gain access to privileged systems.

If attackers obtain password hashes for SIMATIC WinCC users, they could possibly use the hashes to authenticate themselves. This vulnerability affects SIMATIC WinCC and SIMATIC PCS 7.

Threats such as Stuxnet and Dragonfly have raised the public’s awareness of the need to properly protect industrial control systems (ICS) which control critical infrastructure such as the management of electrical, water, oil, gas and data supplies.

Siemens says it has now patched the vulnerabilities.

Nonetheless, you think you had a headache keeping your home computer updated with security patches? Just imagine if you were responsible for securing the Large Hadron Collider or a nuclear plant…

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “If you look after the Large Hadron Collider you should read this…”

  1. On the subject of protecting nuclear plants…

    http://www.bbc.co.uk/news/world-us-canada-32663107

    And as for the character limit, while it is probably not a problem at 3000 characters (even for me mostly), the issue of quoting comes to mind as that adds up. Maybe you could have a way that quotes the article (I don't mean the full article but portions of). Perhaps this isn't a problem even, but I'm raising the point now just in case (at least it isn't like the BBC where they limit to 400 characters). But until this sentence it was 2494 characters left, and I didn't write all that much (though amusingly almost all of it is about the character limit itself).
