All the latest UK technology news, reviews and analysis


Department of Homeland Security issues alert over Ruggedcom flaw

23 Aug 2012
Hacker's hands on keyboard

The US Department of Homeland Security is warning businesses to tighten security protection on their industrial control devices following the discovery of a high-risk security vulnerability in the Ruggedcom ROS industrial networking platform.

In an alert from the Industrial Control System Cyber Emergency Response Team (ICS-CERT), authorities warned that the flaw could be used by an attacker to eavesdrop on SSL traffic.

According to the ICS-CERT report, an error in the handling of network keys could potentially allow an attacker to compromise secure connections by identifying the device's RSA encryption key.

Once compromised, the agency warns that an attacker could intercept traffic being sent between an end user and ROS devices.

Credit for discovering the vulnerability was given to Cylance researcher Justin W Clarke. The researcher presented the flaw along with a proof of concept outlining how such an attack could take place.

In order to mitigate the flaw, ICS-CERT is advising administrators to limit the exposure of any network-connected industrial control systems.

In addition to removing all control systems from direct internet connectivity, the agency is advising best practices, including the implementation of firewall protections and the use of VPN connections when accessing control devices.

The security and accessibility of industrial control appliances and devices has become a hot topic as fears grow over domestic and international terrorist attacks and industrial sabotage operations. Devices such as PLC controllers have been found to contain critical flaws which could lead to attacks on public utilities.

Industrial device flaws were also leveraged by government agents to carry out the high-profile Stuxnet and Duqu malware attacks.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 7 end of mainstream support

What are your plans for when Microsoft ends mainstream support for Windows 7 in January 2015?
10%
9%
3%
64%
14%

Popular Threads

Powered by Disqus
LG G3 in gold black and white

LG G3 vs Galaxy S5 video

We pit the two Korean firms' flagship smartphones against each other

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

MVC / C# / ASP.NET - eCommerce - London - (70k) + Bonus

MVC / C# / ASP.NET eCommerce - London (70K) + Bonus...

Interim Senior IT Services Manager / Head of IT (Law Firm, London)

Interim Senior IT Services Manager / Head of IT (Law...

Programme Director EDW

Programme Manager - EDW Our blue chip client is currently...

CRM Analyst / data analysis / Manchester - 30K

CRM Analyst / data analysis / Manchester - 30K CRM...
To send to more than one email address, simply separate each address with a comma.