|
The security of billions and billions of devices (e.g. industrial control systems, PLCs,[0] SCADA,[1] ERTs,[2] etc.) that are responsible for controlling and monitoring virtually every aspect of modern life (e.g. power grid, water purification, natural gas transmission, oil and gas extraction, vehicle traffic control, rail signalling, pharmaceutical manufacturing, etc.) is appalling. The manufactures and integrators of these devices are just now beginning to realize that the internet exists and that their devices aren't always connected to perfectly isolated RS-485[2] networks or connected to a network at all. They commonly contain hard coded passwords, passwords with staggeringly limited length and complexity, plain text authentication, default passwords, and other backdoors. Working with such devices is like taking a Delorean back to the early 90s, the eighties, or even earlier... it's the wild west. It pleases me beyond words that hacking contests like Pwn2Own[4] have begun to include these systems in their competitions. This is a massively important area of security research that has historically been ignored. [0] https://en.wikipedia.org/wiki/Programmable_logic_controller [1] https://en.wikipedia.org/wiki/SCADA [2] https://en.wikipedia.org/wiki/Encoder_receiver_transmitter [3] https://en.wikipedia.org/wiki/RS-485 [4] https://en.wikipedia.org/wiki/Pwn2Own |