Titania Security

Un-configured firewalls and out of date equipment- engineers show how easy it can be to hack an oil well

News   •   Aug 02, 2013 10:40 BST

Security Researchers at Black Hat 2013 conference in Las Vegas have demonstrated how easy it is to hack into SCADA systems, which are widely deployed on oil wells. Through gaining access to the programmable logic controller (PLC) they could turn pumps on and off. They were also able to manipulate the data Human Machine Interface (HMI) which is what allows field workers and remote administrators to monitor the system. Engineer of the project, Eric Forner said,

"It's not rocket science, but it's extremely dangerous. In real life that would be a pipe blowout. That could be oil or acid or anything."

And how? It seems that a large amount of vulnerabilities are caused because the HMI’s windows machines are ‘woefully out of date’ and PLC’s use an old Ethernet module which run on ‘ancient versions of Linux.’ Furthermore in some cases there are no firewalls in place and where there are they are implemented as a compliance requirement rather than a security barrier and let all traffic past. For a system as critical and potentially harmful as this it’s no surprise that Jack Clarke (The Register) states these findings are ‘sure to induce brown trousers in people who live near oil pipelines’.

Read more regarding how engineers Eric Forner and Brian Meixell induced catastrophic failure in the mock oil well here. 

[Titania's produces Nipper Studio software which audits on network devices (firewalls switches & routers) Try it for free at www.titania.com ]