Navigation Links
IOActive Uncovers Vulnerability in Wireless Industrial Automation Software from ProSoft Technology
Date:10/23/2013

Seattle, Washington (PRWEB) October 23, 2013

IOActive, Inc., the leading global provider of specialist information security services, today announced that it has discovered a vulnerability in ProSoft Technology’s RadioLinx ControlScape application. The software is primarily used with Rockwell Automation and Schneider Electric solutions, and is deployed worldwide across several industries including oil and gas, water and wastewater, and electric utilities.

World authorities on Industrial Control Systems (ICS), Lucas Apa and Carlos Penagos, discovered the vulnerability in the industrial automation software. The software is used to configure and install radios in a Frequency Hoping (FH) network, as well as monitor the performance of the devices.

The software from ProSoft Technology generates a random passphrase and sets encryption levels to 128-bit Advanced Encryption Standard (AES) when it creates a new radio network. As the software uses the local time as the seed to generate passphrases, an attacker could predict the default values built into the software. This makes the system vulnerable to expedited brute-force passphrase/password attacks and other cryptographic based attacks.

“Wireless radios used in Industrial Control Systems use software, like that from ProSoft Technology, to create and manage a new network. When a new network is created the software calculates a passphrase using a pseudorandom number generator,” said Lucas Apa, security researcher for IOActive. “The problem is that it uses the local time as the seed. This makes this algorithm predictable and weak, and vulnerable to expedited brute-force passphrase and other cryptographic-based attacks.”

Carlos Penagos, security researcher for IOActive added, “By being able to guess the passphrase, an attacker could communicate with the network the device is connected to with devastating consequences. For example, if an attacker is able to communicate with devices on the wireless network of a nuclear power plant, he could manipulate the data sent from these devices to industrial processes and cause dangerous consequences by overheating liquids or over pressurising chemicals, which in turn would result in catastrophic failure.”

On September 5, 2013, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published an advisory providing details of the vulnerability. ProSoft Technology has produced a new firmware patch to mitigate this vulnerability.

IOActive has also issued its own IOActive Labs Advisory outlining the affected products, the impact and the solution.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit http://www.ioactive.com for more information.

Read the full story at http://www.prweb.com/releases/2013/10/prweb11257860.htm.


'/>"/>
Source: PRWeb
Copyright©2012 Vocus, Inc.
All rights reserved

Related medicine news :

1. Radioactive materials and contaminants found at fracking wastewater disposal site
2. IOActive Ramps Up Recruitment for Top Security Researchers and Consultants in South America
3. UCLA scientist uncovers biological clock able to measure age of most human tissues
4. Study of sister stem cells uncovers new cancer clue
5. j2 Global® Survey Uncovers the Work Habits of Millennials
6. Study uncovers value of mammogram screening for younger women
7. New theory uncovers cancers deep evolutionary roots
8. F. D. Williams Uncovers The Importance of Preserving Good Health
9. UGA research uncovers cost of resiliency in kids
10. New screening approach uncovers potential alternative drug therapies for neuroblastoma
11. Study uncovers new cells in the urethra which may detect hazardous substances
Post Your Comments:
*Name:
*Comment:
*Email:
(Date:10/13/2017)... ... October 13, 2017 , ... While it’s often important to take certain medications ... from Austin, Texas, has identified a solution. , She developed a prototype for MOTION ... As such, it eliminates the need to turn on a light when taking medication ...
(Date:10/13/2017)... ... October 13, 2017 , ... Lori R. Somekh, founder of the Law ... organization of elder law and special needs planning attorneys. “Membership in ElderCounsel helps our ... a forum to network with elder law attorneys nationwide,” said Somekh. , ...
(Date:10/13/2017)... ... 13, 2017 , ... Global Healthcare Management’s 4th Annual Kids Fun Run brought ... This free event, sponsored by Global Healthcare Management’s CEO, Jon Letko, is aimed at ... towards children of all ages; it is a non-competitive, non-timed event, which is all ...
(Date:10/13/2017)... (PRWEB) , ... October 13, 2017 , ... “America On ... Christian identity. “America On The Brink” is the creation of published author, William ... several great-grandchildren. As a WWII veteran, he spent thirty years in the Navy. ...
(Date:10/12/2017)... ... October 12, 2017 , ... IsoComforter, Inc. ( https://isocomforter.com ... the introduction of an innovative new design of the shoulder pad. The shoulder ... maximum comfort while controlling your pain while using cold therapy. By utilizing ice and ...
Breaking Medicine News(10 mins):
(Date:10/2/2017)... 2, 2017  Eli Lilly and Company (NYSE: ... the third quarter of 2017 on Tuesday, October 24, ... that day with the investment community and media to ... conference call will begin at 9 a.m. Eastern time. ... live webcast of the conference call through a link ...
(Date:10/2/2017)... PHILADELPHIA , Oct. 2, 2017 Halo Labs announces ... particle analysis system called the HORIZON at MIBio 2017 in ... analyzes subvisible and visible particulate matter in biopharmaceutical samples with unprecedented ... use of the novel technique Backgrounded Membrane Imaging. ... The HORIZON subvisible particle analysis system ...
(Date:9/28/2017)... Hill-Rom Holdings, Inc. (NYSE: HRC), will host ... webcast on Friday, November 3, 2017, beginning at 7:00 ... approximately 8:30 a.m. (CDT) / 9:30 a.m. (EDT). ... performance and guidance for 2018, Hill-Rom executives will also ... performance, and long-range financial outlook through 2020. ...
Breaking Medicine Technology: