
New worm can propagate between power-plant controllers without a host PC - DyslexicAtheist
http://www.theregister.co.uk/2016/05/05/daisychained_research_spells_malware_worm_hell_for_utilities?mt=1462693149073
======
snowwindwaves
I work with PLCs and read the paper the article links to and it looks
legitimate. They do note that the PLC program is stopped for 10 seconds when
the worm infects a new host which may or may not give it away depending on the
process the PLC is controlling.

I guess I'll start putting a password on my programs, although they point out
that the protection was all based in the IDE and could be removed by writing
directly to PLC.

~~~
janci
Password protection enforced at the client seems to be Siemens way of doing
security. I discovered this flaw in their heat pump controller when I was
working on monitoring system for the pump. I had to disassemble their Java
applet that was used to show temperature information and configure the
controller to replicate the protocol used. Password protection? Client reads
the password from the controller and compares it to user-provided string. If
there is a match, client continues to read/write data, if not, client asks for
password again. No password verification on controller at all.

~~~
rasz_pl
hey, at least they started moving away from passwords hardcoded in firmware.

------
tremon
What an awful title. It's almost unparseable, and the only I reason I clicked
the link is to see if the article was as badly written as the title.

I have to ask: are the programming ports of PLC's customarily left open after
deployment? I have little experience with them, but I thought most programming
modes reconfigured some of the (few) pins for programming. In normal
operation, aren't these pins reconfigured for something useful?

(edit: nevermind, seems I'm thinking of a lot smaller devices than the
research article)

~~~
digi_owl
The Register's headlines are specifically constructed to emulate the scaretype
headlines of British newspapers like The Daily Mail.

Think of it as their kind of snark. After all it is a site that has "biting
the hand that feeds IT" as their subtitle.

~~~
scholia
True, but it became tired and tiresome more than a decade ago. It may well be
costing them a lot of readers....

