On the way over to Infocomm this year I watched a documentary called something like ‘Defeating the Hackers’ and it made me think about how this could apply to our world of networked AV systems. They are a part of the whole ‘Internet of Things’ these days.
The doco followed a few threads but the one that struck me was a story about hackers targeting a specific brand and model of PLC (programmable logic controller) used in nuclear power plants to control the speed of motors which in turn drive cooling pumps of some sort. The cooling pumps would have been connected to the plant’s control and monitoring network. The hackers managed to ‘adjust’ the controllers’ code to make the motors to over-speed and subsequently fail , thereby crippling parts of the nuclear plant. And the plant was in the Middle East somewhere – a prime target for sabotage by an unfriendly country.
You’d have to wonder how a hacker (or ‘unfriendly’) could get past all the security measures of a nuclear facility in an unstable part of the world. The program explained how easy it is – exploit human weakness. All they needed to do was put the virus on a number of USB sticks labelled ‘payroll backup’ or ‘employment contracts’ or similar and drop them in a carpark or somewhere employees frequent. One stick is bound to find its way into a computer inside the secure boundary of the plant’s network.
There are two messages here:
1. How secure are your AV systems? Are some components visible to the outside world? Are they still set to default security settings? If the answer is ‘yes’ to both, you have an open door to hackers. Don’t underestimate how much damage that could cause. Once they get past the vulnerable device, they are inside your network!
2. Be suspicious on any USB stick you find laying around. How do you know it doesn’t contain a hidden virus just waiting to hop onto your network and find its target?
See more information here