A US security research organisation says it has discovered methods hackers could use to sabotage power plants, oil refineries or manufacturing operations.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
"This is a global problem. There are no fixes to this right now and bad guys would be able to cause real environmental and physical problems and possibly loss of life," said Rick Moy, chief executive at US computer security research firm NSS Labs, according to AFP reports.
NSS Labs says it shared its findings on supervisory control and data acquisition (SCADA) system vulnerabilities with the US Computer Emergency Readiness Team (CERT). NSS added that it was briefing industrial facilities, but was revealing little publicly out of concerns for safety.
NSS researcher Dillon Beresford reported finding "multiple vulnerabilities" in Siemens programmable logic controllers (PLCs) targeted by the Stuxnet worm.
While Stuxnet targeted PLCs through operating system software, NSS researchers found ways to reprogram the devices directly if they can be reached on a network.
NSS Labs has also challenged the widely held belief that Stuxnet was created at huge cost by a nation state.
According to NSS Labs, it took researchers less than three months to come up with attacks on the controllers, on a budget of less than $3,000.
Siemens has played down concerns that an attack could be pulled off outside a lab and said it was working to address the vulnerabilities.