(Not) making the grade

The researchers working on Project Basecamp found significant security issues with programmable logic controller (PLC) they tested. Some PLCs were too brittle and insecure to even tolerate security scans and probing.

The researchers working on Project Basecamp found significant security issues with programmable logic controller (PLC) they tested. Some PLCs were too brittle and insecure to even tolerate security scans and probing.

The D20 ME PLC by General Electric – a widely deployed industrial system – fared the worst. Wightman’s analysis of the device, which retails for around $15,000, revealed that the D20 relied on both hardware and firmware that was more than two decades old and was rife with hidden “back door” administrative accounts, remotely exploitable vulnerabilities and absent any security controls. Here he highlights a bypass on the D20 controller that Wightman said was highly unusual in a shipped product – and that could be a source of failure.

Suggested articles

2020 Cybersecurity Trends to Watch

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

Top Mobile Security Stories of 2019

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.