Internet Scan Reveals More Than 100 Critical Infrastructures Exposed Online
By Joseph Lorenz on July 22, 2016
In the Fall of 2015 researchers at Wache of Berlin conducted an Internet scan of the IPv4 address space, with the intent to search for specific routers used by industrial control systems(ICS). But one researcher Tim Philipp Schafers started to uncover unauthenticated web applications used for ICS management interfaces that were available publicly online. The researchers noticed a pattern in the HTTP headers and wrote a python script to search for the pattern in the IPv4 public space. More than 100 systems turned up in the search results including hydropower plants, around half of them required authentication, while the rest didn’t require it and we’re administrator accessible.
Experts have been publishing advisories for years about the serious lack of security in supervisory control and data acquisition(SCADA) and ICS systems, and a simple shodan or custom search will clearly highlight this problem. Some of the most alarming finds from the Internet Wache’s report are the hydropower facilities, where three of the Human Machine Interface(HMI) systems were in Germany and one near Munich services 80,000 people with drinking water. According to Wache researchers were able to read data from sensors on water consumption and other plant-related values. Then those values could be manipulated so that operators would believe processes were running normally even though they were not. And one plant has access to pumps which could make it possible to disrupt a city’s water supply.
Schafers says “awareness about security in ICS and SCADA systems remains low.”, and that services like Facebook are exceptionally secure because of their popularity but we need to be aware of these infrastructure systems that control our critical resources.