How easy it is to find unsecured PLCs around the globe
As a company producing hundreds of machines per year and placing them around the world, we have to put quite some effort into securing the IT equipment in our machines, including everything from constant software updates to a proper password and certificate management. And all this even if the machines a deeply embedded in our customer's IT infrastructure - still we can't and mustn't rely on the customer's IT knowledge.
So what if there was a way to find all those devices hooked up to the internet and check if they are secure. Hold tight, there is: shodan.io
So let's tryit out: It's easy to hunt for Siemens, Allen-Bradley and all other brands. Let's look for Codesys as example, by searching open port 2455 ("port:2455"), which leads to thousands of available PLCs.
So let's look at an IP address. Shouldn't be a problem, should it?
A random example from the above lis
领英推荐
Besides the open Codesys Port 2455 (where you can probably download ANY application), there are ports 80 and 8080 open, both commonly used for web pages.
Port 80 reveals the WAGO admin panel, and a short web search for "wago plc default login" let's me login and I can administer the PLC, changing config, reboot etc. This could potentially be a dangerous hazard, and even injuriing people!
Amazing, and massively frightening! All this took me amobile phone and 10.minutes time. I am not a hacker, but use a freely available search engine, and just scratched the surface of what is available.
Who is to blame? Not the PLC suppliers, they write clearly in their instruction to att least change the default passwords.
The ones to blame are the control system engineers not pointing out the flaws, and especially the customers buying and using automation equipment without any requirements to IT security. Most likely they don't have the knowledge for that, and then the responsibility falls back to the automation engineer who must push for security at all time.
So do your homework, create requirements and enforce their application. Do it now, not tomorrow, because then it cpuld be too late!
Business development | Customer growth | Value based solution selling | Relationship building | Datadriven decisions | Sales process | Sales excellence | Sales leadership
2 年Interesting and the more important to consider when choosing automation platform for you machine and production plant. Looking into Linux based solutions is another aspect to consider, where the use of container technology provides safety since the single containers are isolated from each other and host system in their own sandbox and thus only letting data flow thorugh the datalayer. In case of a malware breach it is isolated into the container, secure by default. On top of that has Jan Leslie mentions installation of firewalls between machine and end-users IT/OT. In this case even the firewalls application run as containers applications on the linux system even when run directly on the servodrive alternatively on the controller, in this case acting as a router or gateway to the IoT World on your machine. #automation #security #factoryofthefuture
Automation Professional
2 年So Right ! And a good reason for all machinebuilders to put an updatable firewall between the machines they deliver and the end-users IT/OT. Not their fault if the machine they delivered gets infected/breached, but still going to be their problem. Patching and updating the OS of the automation platform is often a no go due to functionality and on top not an option over the lifetime of the machine, as these become unavailable after 5-8 years. Adressing this with an IXON Router provides you with an upside from digital business starting from remote service over increased wear and tear parts to predictive services.