Cybergeddon now? Industrial control systems targeted
Security researcher Reid Wightman from the firm IOActive has found an undocumented back door in CoDeSys, the management software used by 261 different manufacturers of ICS devices. The back door gives full access without requiring authentication and has prompted the US Department of Homeland Security's ICS-CERT to issue an alert (PDF).
We've discussed ICS on the Patch Monday podcast before, including the Stuxnet operation against Iran's uranium enrichment program, how an air gap no longer works to protect networks, and even war studies academic Thomas Rid's view that cyberwar will not happen.
But hackers are getting smarter and, by the time you read this, it's likely that a module to detect Wightman's newly discovered vulnerability will have already found its way into automated hacking tools. Doesn't this change the balance of power?