After delay, hacker to show flaws in Siemens industrial gear
NSS Labs Researcher Dillon Beresford expects to go public at the Black Hat security conference in Las Vegas on Aug. 2–3 with his research showing problems with Siemens computers used in power plants, heavy industry, and chemical plants.
In May, Beresford was pulled out of a Dallas hacking conference at the last minute when Siemens was unable to fix problems he’d found in the firmware of its S7 programmable logic controller.
Devices like the S7 do things such as control how fast a turbine spins (Stuxnet, a computer virus, targeted an S7 computer at Iranian nuclear facilities) or open gates on dams. Beresford has discovered six vulnerabilities in the S7 that “allow an attacker to have complete control of the device,” says NSS Labs CEO Rick Moy.
Siemens has said that the NSS attack was made “working under special laboratory conditions.” Beresford wasn’t impressed with that comment. In a May interview, he called for Siemens to publish a security advisory on the bugs along with a timetable of when they will be fixed.