Tuesday, December 30, 2014

31C3: Too Smart Grid in da Cloud ++

This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology.  Our latest research was devoted to the analysis of the architecture and implementation of the most wide spread platforms for wind and solar energy generation which produce many gigawatts of it. It may seem (not) surprising but the systems which manage huge turbine towers and household PhotoVoltaic plants are not only connected to the internet but also prone to many well known vulnerabilities and low-hanging 0-days. Even if these systems cannot be found via Shodan, fancy cloud technologies leave no chances for security.

Sunday, December 28, 2014

SOS! Secure Open SmartGrids!

Dear all,

After our 31C3 Too SmartGrid in da Cloud talk we get many questions about Solar and Wind plants vulnerabilities, Internet connected SmartGrid devices. Guys, sorry, but we don’t know yet.

There are dozens of platforms, hundreds of vendors, thousands of SmartGrid devices… Millions of them connected to Internet without any protection. But you can change the situation.
Join our SCADASOS project to make the world safer!

Tuesday, December 16, 2014

Wednesday, October 29, 2014

Different type of SCADA...

+Update http://blog.ptsecurity.com/2015/01/hacking-atm-with-raspberry-pi.html

Slides and demo from Olga and Alex report on ATM hacking at Black Hat. MS08-067 strikes again. Now ATM.
There are a lot of different kinds of SCADA...


Monday, September 1, 2014

Few bugs in Wonderware Information Server

Vulnerabilities/fixes in Schneider Electric/Invensys Wonderware Information Server (WIS) to support tradition.

The following Schneider Electric WIS versions are affected:

  • Wonderware Information Server 4.0 SP1 Portal,
  • Wonderware Information Server 4.5 Portal,
  • Wonderware Information Server 5.0 Portal, and
  • Wonderware Information Server 5.5 Portal.