Two hackers just pwned the software that runs a majority of the world’s electrical grids. And they did it without breaking a sweat.
Thankfully, the hackers in question weren’t cybercriminals or nation-state agents attempting to wreak havoc but adept white hats, who rocked the software on stage in front of an audience at 2022’s Pwn2Own, a hacker conference this week in Miami, according to MIT Technology Review. The point of such conferences is to identify bugs in software so that companies can patch them before they’re exploited by bad guys.
Dutch security researchers Daan Keuper and Thijs Alkemade said that breaking into OPC UA, an open source communications protocol used by a majority of industrial control systems around the world, was the “easiest” thing they’d hacked at the conference so far. “In industrial control systems, there is still so much low-hanging fruit,” Keuper told MIT. “The security is lagging behind badly.” Comforting news!
Keuper and Alkemade apparently went to town on droves of different kinds of industrial control software, but the hack of the OPC UA protocol won the duo $40,000 and helped them secure the conference’s championship title, called “Master of Pwn.”
“OPC UA is used everywhere in the industrial world as a connector between systems,” Keuper told MIT. “It’s such a central component of typical industrial networks, and we can bypass authentication normally required to read or change anything. That’s why people found it to be the most important and interesting. It took just a couple of days to find.”
As Tech Review aptly notes, it’s pretty unsettling timing for this accomplishment. For the last several weeks, national security professionals and White House officials have very publicly worried that Russian nation-state hackers might attempt to conduct debilitating cyberattacks on U.S. critical infrastructure as retaliation for U.S. support for Ukraine. The White House recently warned American companies to be on guard against potential cyberattacks, and the FBI and other agencies have said they fear Russian attacks on electricity grids, nuclear power plants, water systems, and more.
The question naturally springs to mind: If it’s a cinch for two contest-goers to hack a utility system, what’s the likelihood that foreign intelligence agencies have the same capabilities? In short: good job, guys! But, also, yikes!
https://gizmodo.com/hackers-breach-power-grid-opc-ua-pwn2own-2022-1848825967