United States thousands of earthquake-sensing system vulnerabilities: If the attack is serious-hacker, cyber-attacks-IT information
According to foreign media reports, according to a study, United States thousands of earthquake-sensing system to monitor geological activities potentially unsafe and vulnerable to network attacks.
At the Def Con hacker Conference, security experts detail the seismic sensing system transmitting data security vulnerabilities.
Security researchers have found they can fool seismic sensing system or seismic sensing system overload, so as to make it appear very inaccurate monitoring data.
This major discovery has been to the United States computer emergency response team in charge of monitoring the national infrastructure (US Computer Emergency Readiness Team, referred to US Cert) report.
"Before this, we have yet to see any safety studies in this field. "Costa Rica security expert bertine-Bonilla (Bertin Bonilla) said. He and his colleagues James William (James Jara) with the security research work.
Bonilla said seismic sensors to monitor network security problems surfaced during the implementation of a project is another. The project tries to find and draw the connection to the smart devices on the network, and to develop for the Internet search engine.
Because these networked devices is a geographic location of the data collected and their specificity, they quickly attracted the attention of security researchers.
"These networked devices in extreme environments, such as Ocean Center near the volcano. , "Bonilla said.
They discovered through in-depth investigation and study, it is easy to connect to these seismic sensing system, and see how they collect and transfer data. Each of these seismic sensing system cost about $ 30,000.
Researchers tracked links to view the Central Server is responsible for data collection, resulted in the discovery of many loopholes, including the default password. An attacker could use these vulnerabilities to control the entire network.
"We have a root shell (root shell). "Bonilla says," this is the highest level of permissions to access seismic sensing system, we can use this permission to do what we want to do anything. However, once it is intrusive, it will cause a lot of damage. ”
Bonilla said the network and sensor systems risk is very small. The real risk is that an attacker can easily access these networks and seismic sensing system.
"These devices monitor natural disasters. "He said that" the abuse they may give companies or countries caused incalculable economic loss. ”
Information about those vulnerabilities have been reporting to US Cert. The emergency team is mainly responsible for coordination, strengthening the national infrastructure coordinating security.
US Cert has sent relevant information to the responsible for seismic sensing system and data collection equipment in Canada company Nanometrics. These seismic sensing system and data collection equipment constitutes a seismic monitoring network.
Nanometrics company has yet to comment.
美国数千地震感应系统存在安全漏洞:若被攻击后果严重 - 黑客,网络攻击 - IT资讯
据外媒报道,一份研究报告称,美国数千个监测地质活动的地震感应系统存在安全隐患,容易受到网络攻击。
在Def Con黑客大会上,安全专家详细阐述了地震感应系统传输数据的安全漏洞。
安全研究人员发现,他们可以愚弄地震感应系统,或让地震感应系统超负荷运行,从而让它显示非常不准确的监测数据。
这一重大发现已向美国负责监控全国基础架构的计算机应急响应小组(US Computer Emergency Readiness Team,简称US Cert)进行了汇报。
“在此之前,我们尚未看到这个领域的任何安全研究报告。”哥斯达黎加的安全专家伯廷-博尼拉(Bertin Bonilla)说。他与同事詹姆斯-加拉(James Jara)一起进行了这项安全研究工作。
博尼拉称,地震感应监测网络的安全问题是在另一个项目的实施过程中浮出水面的。那个项目试图发现和绘制连接到网络中的智能设备,并开发针对物联网的搜索引擎。
由于这些联网设备所在地理位置以及它们所收集数据的特殊性,它们很快就引起了安全研究人员的注意。
“这些联网设备位于极端环境下,比如海洋中心和活火山附近。”博尼拉说。
他们通过深入的考察研究发现,人们很容易连入这些地震感应系统,并查看它们收集和传输的数据。这些地震感应系统每个造价约为3万美元。
研究人员跟踪查看负责收集数据的中央服务器的链接,结果发现了很多漏洞,包括常见的默认密码。攻击者能够利用这些漏洞来控制整个网络。
“我们有一个根命令解释程序(root shell)。”博尼拉说,“这是访问地震感应系统的最高级别的权限,我们可以利用这个权限来做我们想做的任何事情。但是,它一旦被侵入,就会造成很大的破坏。”
博尼拉称,网络和感应系统本身的风险很小。真正的风险在于攻击者可以轻易访问这些网络和地震感应系统。
“这些设备监测的是自然灾害。”他说,“滥用它们可能会给相关公司或国家造成无法估量的经济损失。”
有关这些漏洞的信息已向US Cert进行了汇报。该应急小组主要负责协调工作,加强国家基础架构协调的安全。
US Cert已将相关信息发送给了负责生产地震感应系统和数据收集设备的加拿大公司Nanometrics。这些地震感应系统和数据收集设备构成了地震监测网络。
Nanometrics公司尚未就此发表评论。