The global site of the UK's leading magazine for automation, motion engineering and power transmission
31 May, 2023

Twitter link

Security researchers find flaws in Ethernet switches

13 August, 2015

Cyber-security researchers in the US say that they have found security flaws in industrial Ethernet switches and gateways which could be used to attack industrial control systems in industries ranging from manufacturing to power generation. They have found vulnerabilities in four makes of Ethernet switch, but say that similar problems could exist in other devices.

The researchers –­ Colin Cassidy and Eireann Leverett from IOActive, and Robert Lee from Dragos Security – revealed their findings at the Black Hat security conference held in Las Vegas this month. Their presentation (called Switches get Stitches) focused on 11 vulnerabilities that they found in five families of products from Siemens, GarrettCom, GE and OpenGear.

According to the researchers, most industrial system protocols lack authentication or cryptographic integrity, so compromising a switch allows the creation of malicious firmware updates for “man-in-the-middle” (MITM) manipulation of live processes. Such MITM attacks can lead to plants or processes shutting down, or getting into unknown and hazardous states.

At the Black Hat conference, the researchers disclosed vulnerabilities that they found in the Ethernet switches in their default configurations. They also demonstrated methods of finding those vulnerabilities.

They have told the switch suppliers about the vulnerabilities, but point out that it can take up to three years to patch Scada and ICS (industrial control systems) operating in live environments. Because of this lag, the researchers suggested some live mitigations that ICS users can apply immediately to protect themselves.

The cyber-security experts complimented OpenGear on the speed with which it issued a patch to fix a security weakness that they had discovered

Speaking at a press briefing at the conference, Cassidy pointed out that “a lot of these switches have configurations that you can turn on or modify to strengthen your security”.

The researchers complimented OpenGear on the speed with which it reacted to their vulnerability reports. The company issued a patch for one of its switches in less than a week, and “put everyone else to shame”, they reported.

Although, in their Black Hat presentation, the cyber-researchers described 11 vulnerabilities that they had found in Ethernet switches – including weak authentication and clear text passwords – they add that they “ran out of space to talk about more”.

  • To view a digital copy of the latest issue of Drives & Controls, click here.

    To visit the digital library of past issues, click here

    To subscribe to the magazine, click here



"Do you think that robots create or destroy jobs?"



Most Read Articles