Pick a lock, plug in a WiFi-enabled Raspberry Pi and that’s nearly all there is to it.
There’s more than that of course, but the wind farms that [Jason Staggs] and his fellow researchers at the University of Tulsa had permission to access were — alarmingly — devoid of security measures beyond a padlock or tumbler lock on the turbines’ server closet. Being that wind farms are generally in open fields away from watchful eyes, there is little indeed to deter a would-be attacker.
[Staggs] notes that a savvy intruder has the potential to shut down or cause considerable — and expensive — damage to entire farms without alerting their operators, usually needing access to only one turbine to do so. Once they’d entered the turbine’s innards, the team made good on their penetration test by plugging their Pi into the turbine’s programmable automation controller and circumventing the modest network security.
The team are presenting their findings from the five farms they accessed at the Black Hat security conference — manufacturers, company names, locations and etc. withheld for obvious reasons. One hopes that security measures are stepped up in the near future if wind power is to become an integral part of the power grid.
All this talk of hacking and wind reminds us of our favourite wind-powered wanderer: the Strandbeest!
21 thoughts on “Hacking Into…. A Wind Farm?”
One would think cameras would become a feature. After all there’s a hard-link back to a central spot for the power and wind turbines are high up for any kind of wireless.
the security can be even worse when they use service friendly system keys, those are shared between hundreds of people.
As long you keep your camera gear on separate systems from the main systems.
If you can get into the server closet in person then the raspi isn’t really necessary. You could just smash everything and forget about the fancy exploit. Most companies don’t count attacks that require you to physically break into server rooms to be “legitimate” pentesting.
When physical penetration is easy, and unlikely to attract attention, it should count.
This isn’t really news is it – gain physical access to the systems and it’s game over. Same is true of electricity sub stations, water and sewage plants and whole host of other remote, unattended systems. We live with the risk because the intersection of the number of people with the nouse to do this vs. the number of people who are vindictive enough to do this is vanishingly small.
Agreed. There are substations everywhere that are unattended. Many cities have little unattended pump houses for their water and sewage systems too. Many cities still have pole mounted boxes that control stop lights.
The whole of the grid worldwide is lacking security and it is of major concern for most power network operators. This is why power line communications was of such a potential benefit.
F2G (Fiber to the Gun). Yeah we got your security…right here.
I don’t get what PLC has to do with either this story or the security of the grid in general? Replacing SCADA phone line comms with PLC doesn’t win you anything.
For phone communications- PLC’s are good for rootkits….
Programmable logic controllers, not power line communications.
Using the power lines as coms vs hooking it to the internet would stop a lot of script kiddies and other mooks in their tracks.
In fact I think hooking mission critical gear like power grid equipment to the general internet should be out right banned.
That comes with human nature. Most people will only value security after they are affected by lack of it. Before, it is “not necessary” or “nothing will happen” ( at least it is what they think ) .
People are already complaining about their electric bills. Think line item: security for the grid, on their bills will go over well?
If you own a factory that is dependent on electricity, then you surly wouldn’t mind some extra security to ensure you have power when you need it.
And considering that most server farms typically has two sources of power + their own generators, then there is clearly a need for reliable/secure power. So yes, paying a bit extra for reliability is worth it to most companies within the manufacturing and IT industries, as those already do it to a large degree.
There would be other ways of financing it, or even doing it right from the start. But in the case of no other option, then it can be easily justified when something bad happens : “To improve the security would have increased your bills. You didn´t want that, did you ? So, that is why security was not improved and the mischief of those people left you without power for that time”
Here’s an idea, when the panel is open it contacts the company.
Yes, the operating company being notified any time a remote facility is opened would help. As would cameras to catch the intruders. But that still leaves a window before a response can show up.
160db alarm activation during unauthorized access.
And a second locked panel after the outside one.
Have one of those bank cash dye things go off when the wire is cut.
Please be kind and respectful to help make the comments section excellent. (Comment Policy)