On a small, blue-lit stage in a dim side room of the Fillmore Theater in Miami on Tuesday, three men sat behind laptops in front of a small crowd. Two of them nervously reviewed the commands on a screen in front of them. Steven Seeley and Chris Anastasio, a hacker duo calling themselves Team Incite, were about to attempt to take over the Dell laptop sitting a few inches away by targeting a very particular piece of software it was running: A so-called human-machine interface, sold by the industrial control systems company Rockwell Automation.
Rockwell HMIs appear in industrial facilities around the world, used for manipulating the physical equipment in everything from car washes to nuclear plants. In other words, a hacker can do very dangerous things if they manage to hijack one.
A soft beep signaled that a five-minute countdown timer had started. Seeley hit the enter key on his keyboard. A tense 56 seconds passed as the hackers looked back and forth at their screens and the target. Finally, they both flashed a relieved smile. Seeley mimed wiping sweat from his brow. The third person on the stage, a gruff-looking bald man with a goatee, turned the Dell around, à la Vanna White, revealing the laptop was now running Microsoft Paint. The room broke into applause.
The innocuous Paint application, Seeley explained as he exited stage left, serves as a stand-in for any malicious software of the hacker's choosing. It could just as easily have been full-featured malware that automatically interacts with equipment, or a basic "shell" that would allow a hacker to manually run commands on the target machine. What mattered is that Incite had just proven that they could exploit a bug in Rockwell's HMI to achieve so-called "remote code execution." T ..
Support the originator by clicking the read the rest link below.
