WIRED, By: Kim Zetter
A critical vulnerability discovered in an industrial control system used widely by the military, hospitals and others would allow attackers to remotely control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities, say two security researchers.
The vulnerability in the Tridium Niagara AX Framework allows an attacker to remotely access the system’s config.bog file, which holds all of the system’s configuration data, including usernames and passwords to log in to operator work stations and control the systems that are managed by them.
Billy Rios and Terry McCorkle, noted security researchers with Cylance, who have found numerous vulnerabilities in the Tridium system and other industrial control systems in the last two years, demonstrated a zero-day attack on the system at the Kaspersky Security Analyst Summit on Tuesday. The attack exploits a remote, pre-authenticated vulnerability that, combined with a privilege-escalation bug, gave them root on the system’s platform, which underlies the devices.