On Thanksgiving day I had a morning's worth of time to wait for a turkey to cook, so I decided to take a shot at finding as many SCADA 0day vulnerabilities as possible. As we at Exodus responsibly report all vulnerabilities we deal with, my goal was to report any such findings for free to ICS-CERT, the group responsible for collaborating with SCADA vendors to ensure vulnerabilities are fixed.

For those who haven't been reading my Jeremiads on the subject, SCADA are the control computers that run the electric power grid, oil refineries, factories - the infrastructure of the modern economy. Thousands have been connected to the Internet (to make them easier to manage).
The most interesting thing about these bugs was how trivial they were to find. The first exploitable 0day took a mere 7 minutes to discover from the time the software was installed. For someone who has spent a lot of time auditing software used in the enterprise and consumer space, SCADA was absurdly simple in comparison.
Security wasn't an afterthought, it wasn't thought of at all.
The researcher found 23 security bugs, ranging from code execution to file system manipulation to denial of service. I'd go out on a limb and say that the denial of service ones are perhaps the most dangerous - I don't know that it would be possible to DoS a refinery and make it go boom, but I don't know that you couldn't, either.