An insecurity expert has accused Siemens of lying to the press about security bugs which could result in hackers taking out critical infrastructure.
Writing in his bog, Billy Rios said that Siemens’ SIMATIC systems can be easily hacked into and controlled remotely by anyone with an internet connection.
Yet Rios is furious that Siemens spinners told Reuters that “there are no open issues regarding authentication bypass bugs at Siemens.”
This statement was news to Rios, who had reported a glaring authentication bypass for Siemens SIMATIC systems in May – and had been patiently waiting for a fix as it affects pretty much every Siemens SIMATIC customer.
He went on to disclose the username and password for Siemens SIMATIC systems and added: “If a user changes their password to a new password that includes a special character, the password may automatically be reset to ‘100’. Yes, you read that correctly…”
Siemens SIMATIC systems were in the news after they were compromised by the Stuxnet virus. While Stuxnet was fairly advanced, if Rios is right, it probably didn’t have to be.
He said that the session cookie returned by SIMATIC when a user logs in appears secure, but he found that almost the same cookie is returned every time a user logs in. Once decoded, the values of the cookies are “totally predictable”.
It means that a hacker could gain remote access to a SIMATIC HMI which runs various control systems and critical infrastructure around the world. It would be possible to take over a control system without knowing the username or password.
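The cookie weakness Rios describes is something an operator can test for on their own login service by sampling the session cookies it issues and measuring how much of each decoded value actually changes. The Python below is an added example, not code from Rios or Siemens; the base64 encoding, the sample tokens, the `audit` function and the 64-bit floor are all assumptions made for illustration, and the per-byte figure is capped by the number of samples collected.

```python
import base64
import math
import secrets
from collections import Counter

MIN_BITS = 64  # assumed floor for this check; real session IDs should carry more


def audit(tokens, min_bits=MIN_BITS):
    """Decode sampled cookies and measure how much of each one actually changes."""
    raw = [base64.b64decode(t) for t in tokens]  # base64 is an assumption
    width = min(len(r) for r in raw)
    varying, bits = [], 0.0
    for i in range(width):
        counts = Counter(r[i] for r in raw)
        if len(counts) > 1:
            varying.append(i)
            # Shannon entropy of this byte position across the samples
            bits += -sum(c / len(raw) * math.log2(c / len(raw))
                         for c in counts.values())
    return {"length": width, "varying": varying,
            "observed_bits": round(bits, 2), "predictable": bits < min_bits}


# Constructed samples: fixed text plus a login counter (NOT the SIMATIC format).
WEAK = [base64.b64encode(f"SESSION:operator:{n:04d}".encode()).decode()
        for n in range(16)]
# What a sound issuer looks like: 24 bytes from the OS CSPRNG per login.
STRONG = [base64.b64encode(secrets.token_bytes(24)).decode() for _ in range(16)]

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit(sample))
```

A low score proves the tokens are guessable; a high score only shows that this simple check found no fixed or slowly changing bytes.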
With things that serious, he is furious that Siemens should claim that there are “no open issues regarding authentication bypass bugs at Siemens.”
In his bog, he muttered: “Next time, Siemens should think twice before lying to the press about security bugs that could affect the critical infrastructure….to everyone else, Merry Christmas”.