Private crypto key in mission-critical hardware menaces electric grids
A private encryption key embedded into widely used mission-critical routers could be exploited by hackers to attack electric substations, railroad switches, and other critical infrastructure, security researchers have warned.
The flaw, uncovered in devices made by Siemens subsidiary RuggedCom of Ontario, Canada, is the second this year to affect its Rugged Operating System. The firmware runs mission-critical routers that have been used by the US Navy, petroleum giant Chevron, and the Wisconsin Department of Transportation to help administer industrial control systems and supervisory control and data acquisition systems, which flip switches, turn valves, and manipulate other machinery in industrial settings. Rugged OS is fluent in both the Modbus and DNP3 communications protocols used to natively administer such ICS and SCADA gear.