Comments
Hacking Factory Robot Arms for Sabotage, Fun & Profit
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
0%
100%
Joe Stanganelli,
User Rank: Ninja
7/4/2017 | 10:32:44 AM
Re: Tech is Tech is Tech
@Christian: You raise excellent points -- and I don't see any of this changing as long as "first to market, first to market, first to market" remains the battle cry of global industry.
Joe Stanganelli
0%
100%
Joe Stanganelli,
User Rank: Ninja
7/4/2017 | 10:31:41 AM
Alternatively, violence
Alternatively, a dastardly hacker who cares less for subtlety and "the long game" could potentially hack into those big yellow robotic arms to cause massive devastation and even hurt people.

Comic book idea: Hacker introduces micro-defect, blackmails company engineer, company engineer pays up, and before company engineer can fix the problem, hacker uses IIoT hack to kill the company engineer. Rinse and repeat.
Christian Bryant
0%
100%
Christian Bryant,
User Rank: Ninja
6/30/2017 | 12:15:42 PM
Tech is Tech is Tech
Not to get repetitive, but tech is tech is tech.  All I can say to this is that, if you make an electronic device that has parts that can "talk" to other parts, or has an interface that can be "talked" to in any way, and that device controls something, assume it can and will be hacked, cracked, etc.

Hacking {Fill in Your Product} for Sabotage, Fun & Profit should be the very first document written before a product even goes to the Testing team.  The more exploits discovered in Dev the better; putting anything out in Prod (especially manufacturing and hospital robotics) that can be hacked in this first weeks of Production use shows limited concern for the end user, the company as a whole and the industry.

As interesting as all these studies and guidelines are, they all point to the same trend.  That trend is a too-loose security and software methodology and regulatory environment that encourages - no, mandates - more aggressive product security development and risk analysis.

 

 

 


5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Cloud Security's Changing Landscape
[Strategic Security Report] Cloud Security's Changing Landscape
Cloud services are increasingly becoming the platform for mission-critical apps and data. Heres how enterprises are adapting their security strategies!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.