An amateur cybersecurity researcher who bought industrial computer networking equipment on e-Bay for fun has discovered a critical weakness in equipment that helps run railroads, power grids, and even military installations nationwide.
The vulnerability means that hackers or other nations could potentially take control of elements within crucial American infrastructure ”“ from refineries to power plants to missile systems ”“ sabotaging their ability to operate from within.
Analysts say the problem is likely fixable, but the enthusiast says he has gone public only because the company that manufactures the equipment, RuggedCom of Concord, Ontario, has declined to address the issue since he made it known to them a year ago.
“It’s clearly a huge risk,” says Dale Peterson, CEO of Digital Bond, a control systems security firm in Sunrise, Fla. “Anytime someone can take down your network infrastructure, essentially cause a loss of control of the process ”“ or your ability to monitor it, very dangerous things can happen.”
The vulnerability has to do with what is known as a digital ”œback door.” The back door is a secret login that allows the manufacturer to get into the equipment’s control systems without anyone knowing about it ”“ even the purchaser. In theory, manufacturers could use their back doors to send updates to the equipment, but since they are secret, their use is not well known.