View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data Centre
August 22, 2012

US to probe Siemens networking equipment flaw

The fault could allow hackers to decrypt data being sent across the network, security researcher claims

By Steve Evans

The US government had confirmed it is looking into claims of a serious flaw in Siemens’ networking equipment that could leave customers vulnerable to hacks.

The claims were made by security researcher Justin Clarke, who was speaking at a conference in Los Angeles. He claimed that a flaw in equipment from RuggedCom, a Siemens subsidiary, could allow hackers to decrypt traffic between the network device and the customer.

RuggedCom’s equipment is widely used in the power and energy sector.

According to the BBC, Clarke claimed RuggedCom uses a single key to decode the encrypted data moving across the network. He had found a way to extract that key, he said, giving him full access to the data.

"If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you," Clarke is reported to have said.

Now the US Department of Homeland Security has said it will investigate the claims. In a security bulletin, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), said: "According to this report, the vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device. ICS-CERT notified the affected vendor of the report and asked the vendor to confirm the vulnerability and identify mitigations."

ICS-CERT suggests companies using this equipment should ensure that any control system device is not directly connected to the internet and that anything sensitive should be placed behind a firewall. Remote access should also be through a VPN, it added. That is of course sensible advice for any business to take.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Siemens sent a short statement to CBR saying they are looking into the allegations. "Specialists from Siemens and RuggedCom are investigating this issue and will provide information updates as soon as they become available," it said.

Cyber attacks on critical national infrastructure are a growing problem for many countries. The Middle East has been particularly badly hit, with Stuxnet, Duqu and Flame all striking recently.

There have been no reported cases of damage being done to US infrastructure yet, but the US government is certainly taking the treat seriously.

It was recently revealed that president Barack Obama was considering ordering companies that are part of the nation’s critical infrastructure to improve their cyber security skills, after US Congress failed to pass a bill that would have seen voluntary cyber security standards implemented.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.