Schneider Modicon TM221CE16R

HARD CODE

SECURITY SHOULDN'T BE HARD

 

A MESSAGE FROM OUR FOUNDER AND CEO -


First up, Vermont lawmakers have been asked to change passwords and follow other safety protocols after the FBI alerted state authorities that the legislative email system had been targeted by a foreign entity.

So far, Vermont State Police have not detected any breach but passed on the FBI warning. According to Major Rick Hopkins, the FBI reported that Vermont emails had been found to be "of interest" to an undisclosed foreign attacker.

"It's fairly contained because it's just there on one server, but we were concerned that there may be some overlap and a way that it could get into other systems," stated Vermont Governor Phil Scott.

Scott noted the significance of the attempt in the wake of a data breach at the Department of Labor and the attempted hack at the Burlington Electric Department. Vermont was one of several US States that have suffered hack attacks on labor exchanges that have included Idaho, Arizona and Delaware.

No mention if the Vermont political society is considering encryption to protect their email security.

Still, even secure systems have come under attack recently. For example, someone is messing with the encrypted email system PGP. According to Motherboard, an unknown attacker recently created a fake PGP encryption key for a high profile Egyptian activist who works on information security issues. Fortunately, the activist was able to detect the key and warn others not to use it.

"Someone might use the wrong key," stated Ramy Raoof, senior research technologist at the Egyptian Initiative for Personal Rights (EIPR) who communicated with Motherboard using the open (unsecure) Twitter Direct Messaging.

PGP or Pretty Good Privacy has been the industry leader in encrypted email for nearly 2 decades. It, however, has been showing its age both in terms of ease of use and cryptographically secure. Edward Snowden stated he used PGP to avoid surveillance but other researchers such as Matthew Green have questioned the design and reliability of the aging email software.

"I stopped recommending and using PGP because I had one experience where I really needed it to be safe, and I didn't feel it was," stated Green, Assistant Professor of Computer Science at the Johns Hopkins Information Security Institute.

PGP is at best, difficult to use and not recommended for the untrained customer. But it's not just a lack of user friendliness or compatibility. PGP has never taken off among non-techies because it's inherently hard to use, which makes it very easy to make a mistake that nullifies the good crypto behind it. This is the reason why cryptographic experts like Matthew Green think it's time for PGP to die. Ironically, even Phil Zimmermann, the person who invented PGP doesn't use his software because it is simply too cumbersome.

A point worth noting, we upgraded and improved encrypted email to work on all the main services using standard protocols of POP3 and SMTP. Our interface is easy and actually more secure that PGP in that public keys can be exchanged at the email level and not necessarily out in the open. We also do not rely strictly on public key systems by including a private One-Time-Pad key system that exceeds PGP and RSA security levels.

While most of us have a hard time with email security it is well known that industrial applications require maximum security. Yet, the Schneider Modicon TM221CE16R, an industrial controller computer that has been ruggedized to operate on the factory floor, has an all too common problem. The firmware running on the Schneider Modicon TM221CE16R has a hardcoded password.

Now, you would expect professional engineers to not use hardcoded passwords for any reason; such is not always the case. The news for Schneider users is not only bad but worse, they cannot change the password and there is no firmware update available to fix this issue.

The TM221CE16R firmware contains an encrypted the XML file with the user and password with the fixed key: ā€œSoMachineBasicSoMachineBasicSoMaā€. It is quite easy for an attacker to open the control environment, decrypt the file, and take control over the device.

The TM221CE16R is known as a computer controlled relay brain tied to an Ethernet link. The controller can turn on or off multiple electrical connections at very high rates of speeds. The primary use is in automated manufacturing robotics in the automobile, aerospace and consumer products areas. The computer controls allow for detail motion and operation of automated or robotic systems to produce products with exact specifications and measurements. Other possible applications include controlling the power grid, electrical systems in a dam or possibly even the coolant pumps inside a nuclear power plant.

So you can imagine what would happen if the brains controlling manufacture of disk brakes for cars or airplanes were hacked. The problem may not show up for years if the hack is subtle, changing the way a brake wears over time to cause a catastrophic failure two or three years later. This hypothetical hack is one of many possible applications of a bored teenager armed with a wireless laptop.

Of course, the TM221CE16R may also provide opportunities for the "nation state" actor who might want to sabotage a factory, power grid or even a nuclear power plant.

CHARLES R. SMITH

CEO FOUNDER OF SOFTWAR INC.

TWITTER ENCRYPTED MESSAGES FOR WINDOWS & ANDROID


Contact Us: