8-12-19 – News This Past Week

Connected Cars Could be a Threat to National Security, Group Claims
The cyber threat to connected cars (cars with a connection to the internet) is known and accepted. Now Los Angeles-based Consumer Watchdog (CW) has elevated that threat to one of national security in a new report titled, “Kill Switch: Why Connected Cars Can be Killing Machines and How to Turn Them Off.”
https://www.securityweek.com/connected-cars-could-be-threat-national-security-group-claims

Industrial Giants Respond to ‘Urgent/11’ Vulnerabilities
In late July, IoT security firm Armis disclosed eleven vulnerabilities found by its researchers in the VxWorks real-time operating system (RTOS). The flaws, six of which have been described as critical, can allow a remote attacker to take control of impacted systems.
https://www.securityweek.com/industrial-giants-respond-urgent11-vulnerabilities

A Boeing Code Leak Exposes Security Flaws Deep in a 787’s Guts
Late one night last September, security researcher Ruben Santamarta sat in his home office in Madrid and partook in some creative googling, searching for technical documents related to his years-long obsession: the cybersecurity of airplanes.
https://www.wired.com/story/boeing-787-code-leak-security-flaws/

Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find
Wool, Eli Biham and Sara Bitan of Technion, and Uriel Malin of Tel Aviv University reverse-engineered the S7’s cryptographic protocol and were able to attack the S7-1500 PLC with a fake engineering workstation posing as a Siemens TIA (Totally Automated Integration Portation) system that forced the S7 to power on and off and follow other commands, as well as download rogue code
https://www.darkreading.com/vulnerabilities---threats/siemens-s7-plcs-share-same-crypto-key-pair-researchers-find-/d/d-id/1335452

Hackers Can Use Rogue Engineering Stations to Target Siemens PLCs
Malicious actors could use rogue engineering workstations to take control of Siemens programmable logic controllers (PLCs), and they can hide the attack from the engineer monitoring the system, researchers from two universities in Israel have demonstrated.
https://www.securityweek.com/hackers-can-use-rogue-engineering-stations-target-siemens-plcs

Vulnerabilities in Siemens’ most secure industrial PLCs can lead to industrial havoc
Critical vulnerabilities in the Siemens S7 Simatic programmable logic controller (PLC) have been discovered by cybersecurity researchers at Tel Aviv University and the Technion Institute of Technology.
