Security hole found in software used by power plants
New Scientist reports that security firm has found serious security vulnerability in software used to automate power stations, oil refineries, and production lines.
We can all live with outages at Yahoo Mail, Twitter, and CNN.com. But what about when there's an outage that affects our electrical power, heating systems, and gas supplies?
Boston-based security firm Core Security has discovered a serious hole in the Suitelink software that is used to automate operations at power stations, oil refineries and production lines, according to a report in New Scientist.
Attackers exploiting the vulnerability could crash the software by transmitting an outsize packet data to a certain port on the computer running Suitelink, the article says.
Fortunately, Wonderware, the company that makes Suitelink, has issued a software patch for the vulnerability. Now it's up to the plants to update their software.
Even without finding security holes in the SCADA control software, it's possible to break into power plants by downloading malware to employee computers through a socially engineered e-mail that directs them to a malicious server,.