Siemens S7 PLC Hacked

Once upon a time it didn’t seem necessary to protect automation systems (PLCs) against hackers and people with bad intentions. They were connected to isolated networks and there was no link to the outside world. Nowadays engineers want to see how their machines are doing on the other side of the planet, meaning that in some way there is a link between the automation system and the internet.

Whenever a computer that is connected both to the plant bus and to the internet is infected with a trojan, a hacker can gain access to the plant bus from wherever he wants. Since security on the plant bus is poor or nonexistent, the hacker will be able to connect to the PLCs on the network.

During ‘Black Hat 2011’ Dillon Beresford revealed that he found ways to bypass the S7’s security measures and read and write data in the PLC memory, even when the system has password protection enabled. On the S7-300 Beresford even found a command shell left in the firmware by Siemens engineers, which he could connect to and use to run commands on the system.

It’s a Unix-like shell in which commands can be run. Username: basisk; password: basisk. This shell is a “back door” to the system that can be used to gain access to automation controllers.

So, what can be hacked using this security issue? Every system that has a connection to the outside world (network, USB stick, …)!

Are we in danger? Let’s hope not, provided the engineers of nuclear plants, water purification installations and other critical installations used their common sense while designing the plants. The controller of a critical plant should always be isolated from the outside world. Monitoring the plant can be done with separate sensors and controllers whenever necessary.
