Tag Archive for: vulnerable

Solar panels vulnerable to hackers, concern for network security

/in


Photo: DutchNews.nl

Domestic solar panels are vulnerable to hackers who could use them to steal personal information or launch denial of service attacks, the digital watchdog RDI has warned.

The inspectorate for digital infrastructure said vulnerabilities in the inverters, the devices that convert the solar energy stored in the panels into electricity, could also be tapped to power smartphones or laptops.

Inspectors from the RDI tested nine types of inverter from eight manufacturers, none of which met its security standards. Five had the potential to cause disruption to the electricity network.

The number of solar panel installations has grown rapidly in recent years from 1.8 million in 2015 to 16.3 million in 2021.

John Derksen, head of equipment at the RDI, said solar panel systems were too easy to hack via an internet connection and urged manufacturers to improve their security.

He said the findings were a wake-up call for the industry, which will be legally required to meet the RDI’s cybersecurity standards from August next year.

Inspectors are concerned that recent geopolitical events such as the invasion of Ukraine by Russia have made attacks on western infrastructure more likely.

Derksen also said householders needed to be more aware of the warning signs so they could alert inspectors if their devices started behaving unusually.

“Even the aviation and shipping industries can experience disruption because of this,” he told NOS Radio 1 Journaal. “The average citizen has little or know knowledge of radio frequencies.

“They might notice strange things going on with their wireless devices and connections, such as bad wifi, but don’t connect it to solar panels, so we at the RDI aren’t informed about it.”

Thank you for donating to DutchNews.nl.

We could not provide the Dutch News service, and keep it free of charge, without the generous support of our readers. Your donations allow us to report on issues you tell us matter, and provide you with a summary of the most important Dutch news each day.

Make a donation

Source…

FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking

/in


The US government is notifying healthcare providers and lab personnel about a component used by several Illumina medical devices being affected by serious vulnerabilities that can allow remote hacking.

On Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) issued public notifications to inform organizations about the vulnerabilities affecting the Universal Copy Service (UCS) component used by several of Illumina’s genetic sequencing instruments. 

The vendor has released patches and mitigations, and published its own advisory to inform customers about the steps they have to take to prevent potential exploitation. 

The FDA said it was not aware of any attacks exploiting the vulnerabilities in the wild, but warned that a hacker could exploit them to remotely take control of a device, or to alter configurations, settings, software or data on the device or the user’s network. 

The FDA also warned that exploitation of the vulnerabilities could also impact “genomic data results in the instruments intended for clinical diagnosis, including causing the instruments to provide no results, incorrect results, altered results, or a potential data breach”.

CISA’s advisory reveals that Illumina Universal Copy Service is affected by a critical vulnerability, tracked as CVE-2023-1968, related to binding to an unrestricted IP, which can allow an unauthenticated attacker to abuse the component to listen on all IPs, including ones that accept remote connections.

The second flaw, CVE-2023-1966, is related to unnecessary privileges that can allow an unauthenticated hacker to remotely upload and execute code at the OS level.

Illumina’s iScan, iSeq, MiniSeq, MiSeq, MiSeqDx, NextSeq, and NovaSeq products are affected by the vulnerabilities. These products, used worldwide in the healthcare sector, are designed for clinical diagnostic use in sequencing a person’s DNA for various genetic conditions or for research purposes.

“On April 5, 2023, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs of potential exploitation of the vulnerability,” the FDA said in…

Source…

Letter: How Covid leaves companies more vulnerable to cyber attack

/in


I read with interest the controversy surrounding Lloyd’s of London insurers proposing that companies who offer cover against cyber security attacks should include exemptions in their policies that would prevent them from paying out if an attack is deemed to be “state-backed” (“Lloyd’s locked in battle over state-backed cyber attacks”, Report, April 3).

This issue comes at a time when there has been a marked increase in state-backed cyber attacks. Microsoft recently announced that it had found the proportion of cyber attacks perpetrated by states targeting critical infrastructure had risen from 20 per cent to 40 per cent in the past 12 months.

Sadly, the hackers’ success rate will continue to rise as technology improves, incentives increase and current cyber security measures fail to reach the benchmarks required to thwart attacks.

The shift towards remote work, the workplace trend of “bring your own device”, cloud computing and the explosion of “internet of things” devices means that cyber security systems are increasingly less effective, if not obsolete.

Traditional cyber security works on the premise that a company or organisation has ringfenced access points — networks that have closed and controlled infrastructure.

However in recent years, propelled by Covid-19, the servers have left the room. Decentralised and networked business environments and off-premise devices such as mobile phones and laptops, become single points of failure, regardless of current cyber security controls.

Current IT architecture is centralised, meaning there is a central point of control or authority, which makes it easy for attackers to target and compromise an entire system or take over processes.

The insurance narrative is gaining traction for all the wrong reasons.

Monica Oravcova
Co-Founder and Chief Operating Officer, Naoris Protocol, Wilmington, DE, US

Source…

America’s Vulnerable Energy Infrastructure Is A Threat To National Security

/in


With news reports of attacks on U.S. power grids rising to an all-time high last year, cyber security and energy infrastructure robustness are being called into question. As well as strengthening energy infrastructure in line with green transition developments and the increased connectivity of renewable energy operations, the U.S. must consider improving its cybersecurity to ensure it is resilient to being hacked, as threats against the grid continue to rise.  A Government Accountability Office (GAO) review conducted in 2019 revealed some of the main challenges to grid security. These included the need to hire a skilled workforce to manage cybersecurity, limiting the sharing of classified information between the public and private sectors, resource limitations, reliance on other critical infrastructure that requires cybersecurity strengthening, and uncertainty about how to best implement cybersecurity standards. Further, the report suggested that although the Department of Energy (DoE) had developed plans “to implement the national cybersecurity strategy for the grid”, these plans “do not fully address risks to the grid’s distribution systems.” For example, the supply chain-related vulnerabilities of distribution are largely overlooked as the DoE focuses on resolving threats to the grid’s production and transmission systems. Related: Energy, Metals Investments To Boom In 2023

Greater digitalisation in recent years has put the grid at higher risk of attack by criminals, terrorists, hacktivists, and foreign governments. The electric grid relies on industrial control systems, which manage electrical processes and physical functions like opening and closing circuit breakers. Since many systems are now using technologies that connect to the internet – to improve remote monitoring, thereby reducing cost and boosting efficiency – this makes them more vulnerable to hacking

The GAO believes the DoE can enhance cybersecurity by focusing on three key tasks: the adoption of a cybersecurity framework, the establishment of risk management programmes, and the implementation of the Federal cybersecurity strategy for the electric grid, which includes the…

Source…