23 Jul 2024


Security researchers find flaws in Ethernet switches

Cyber-security researchers in the US say that they have found security flaws in industrial Ethernet switches and gateways which could be used to attack industrial control systems in industries ranging from manufacturing to power generation. They have found vulnerabilities in four makes of Ethernet switch, but say that similar problems could exist in other devices.

The researchers – Colin Cassidy and Eireann Leverett from IOActive, and Robert Lee from Dragos Security – revealed their findings at the Black Hat security conference held in Las Vegas this month. Their presentation (called Switches get Stitches) focused on 11 vulnerabilities that they found in five families of products from Siemens, GarrettCom, GE and OpenGear.

According to the researchers, most industrial system protocols lack authentication or cryptographic integrity, so compromising a switch allows the creation of malicious firmware updates for “man-in-the-middle” (MITM) manipulation of live processes. Such MITM attacks can lead to plants or processes shutting down, or getting into unknown and hazardous states.

At the Black Hat conference, the researchers disclosed vulnerabilities that they found in the Ethernet switches in their default configurations. They also demonstrated methods of finding those vulnerabilities.

They have told the switch suppliers about the vulnerabilities, but point out that it can take up to three years to patch Scada and ICS (industrial control systems) operating in live environments. Because of this lag, the researchers suggested some live mitigations that ICS users can apply immediately to protect themselves.

Speaking at a press briefing at the conference, Cassidy pointed out that “a lot of these switches have configurations that you can turn on or modify to strengthen your security”.

The researchers complimented OpenGear on the speed with which it reacted to their vulnerability reports. The company issued a patch for one of its switches in less than a week, and “put everyone else to shame”, they reported.

Although the researchers described 11 vulnerabilities that they had found in Ethernet switches in their Black Hat presentation – including weak authentication and cleartext passwords – they added that they “ran out of space to talk about more”.