Security of seismic sensor grid probed - GBnews24
World News
Add Post
BN HOME
8 1 8 Bangla Newspapers


Security of seismic sensor grid probed

The poor security controls around the way the sensors transmit data were detailed in a presentation at the Def Con hacker convention.

Researchers found ways to fool and overload sensors so monitoring systems would get wildly inaccurate readings.

The findings have been reported to the US computer emergency organisation that oversees national infrastructure.

Financial sabotage

“We have not seen any research previously in this field,” said Bertin Bonilla, a security expert based in Costa Rica who, with colleague James Jara, carried out the work.

Mr Bonilla said the network of sensors came to light during a different project that tried to find and map smart devices connected to the net to create a search engine for the Internet of Things.

The devices stood out because of the distinctive fingerprint of data they surrendered to scanning software and because of their location, said Mr Bonilla.

“These devices are located in extreme environments like the middle of the ocean and around active volcanoes,” he said.

Closer scrutiny revealed that it was easy to connect to the sensors, each of which costs $30,000 (£23,000), and see the data they were gathering and transmitting.

Tracing links to central servers that collate data revealed a series of flaws, including common default passwords, that could be exploited by attackers to take control of the network, said Mr Bonilla.

“We got a root shell,” said Mr Bonilla.

“That’s the highest level of privilege on the system so we could do anything we wanted. It was completely compromised.”

Mr Bonilla said the risks associated with the network and sensors were low but the easy access might be of interest to particular types of attackers.

“These devices measure natural disasters,” he said.

“Abusing them could lead to financial sabotage for a specific company or country.”

Information about the series of flaws has been reported to the US Computer Emergency Readiness Team (US Cert) which co-ordinates work to harden national infrastructure systems.

US Cert has passed information about the security flaws to Canadian firm Nanometrics which makes the sensors and data-gathering equipment that makes up a lot of the seismic monitoring network.

© Copyright 2017 By GBnews24.com LTD Company Number: 09415178 | Design & Developed By (GBnews24 Group ) ☛ Email: gbnews24@gmail.com

United States   USA United States