by Shaun Nichols
23 Aug 2012
The US Department of Homeland Security is warning businesses to tighten security protection on their industrial control devices following the discovery of a high-risk security vulnerability in the Ruggedcom ROS industrial networking platform.
In an alert from the Industrial Control System Cyber Emergency Response Team (ICS-CERT), authorities warned that the flaw could be used by an attacker to eavesdrop on SSL traffic.
According to the ICS-CERT report, an error in the handling of network keys could potentially allow an attacker to compromise secure connections by identifying the device's RSA encryption key.
The agency warns that, once a connection is compromised, an attacker could intercept traffic being sent between an end user and ROS devices.
Credit for discovering the vulnerability was given to Cylance researcher Justin W Clarke. The researcher presented the flaw along with a proof of concept outlining how such an attack could take place.
In order to mitigate the flaw, ICS-CERT is advising administrators to limit the exposure of any network-connected industrial control systems.
In addition to removing all control systems from direct internet connectivity, the agency is advising best practices, including the implementation of firewall protections and the use of VPN connections when accessing control devices.
The security and accessibility of industrial control appliances and devices have become a hot topic as fears grow over domestic and international terrorist attacks and industrial sabotage operations. Devices such as PLC controllers have been found to contain critical flaws which could lead to attacks on public utilities.
Industrial device flaws were also leveraged by government agents to carry out the high-profile Stuxnet and Duqu malware attacks.