Scam Alert #16 — Plant takeovers & face tracking

Big machines at big plants and factories may not all be secure.

Researchers found new security holes in two kinds of software used in oil and gas plants, utilities and other industrial plants — holes big enough for bad guys to walk through and take over the plant.


Plant security holes

Computers run machines at gas, power and water plants.

But what if an attacker could control those machines and do damage — or even kill?

Security company Tenable found security gaps in two kinds of software used in industrial plants, InduSoft Web Studio and InTouch Machine Edition, both by Schneider.

The security company, Tenable, says evil hackers could get in and take over machines around the plants.

“A threat actor can use the compromised machine to laterally transfer within the victim’s network and to execute further attacks,” Tenable said in a post.

“Given the widespread prevalence and market share of the affected software in the OT [operational technology] space, and the fact that it is frequently deployed in sensitive industries, Schneider and Tenable consider this a critical vulnerability requiring urgent attention and response from affected end users,” the company added.

Schneider put out a warning and a security update.

Experts say companies need to update their systems as soon as possible.

 

“Proof of concept” of the industrial software attack. Image credit: Tenable

 

Controls exposed

You put a lot of faith in a ski lift or tram when you ride it.

But researchers found the controls to a lift in Austria exposed online — with no protection.

That means bad guys could potentially mess with the speed of the lift, the cable tension and more, according to Bleeping Computer. 

The city of Innsbruck shut down the lift, called Patscherkofelbahn, and is doing a security audit, Bleeping Computer said.

 

The Patscherkofelbahn lift near Innsbruck. Image credit: Tirol VIDEO

 

Revenge porn 

This map shows revenge porn in action.

 

Heat map showing the locations of computers posting revenge porn on Anon-IB, according to security analyst Einar Otto Stangvik. Image credit: Motherboard

 

A security analyst created the map to show where people around the world posted revenge porn — nude images or video of a person without their consent — between 2015 and 2018.

Norwegian security analyst Einar Otto Stangvik created the map using IP address data from the infamous site Anon-IB, according to Motherboard.

These abusers may have thought they were posting anonymously, but the map shows posts from computers at places like US Navy bases and the US Senate, sometimes with boasts about their porn “wins.”

Dutch police shut down Anon-IB and arrested three men from the Netherlands in April, saying the men and other site visitors asked for help in getting nude images of specific women, and would hack women’s accounts to get nude images.

Face tracking

Late for your flight?

Singapore’s Changi airport is going to use facial recognition to track you down.

 

Singapore’s Changi Airport. Image credit: Cegoh

 

The airport gets many reports of lost passengers and will start using the new system next year, Reuters said.

You may remember the case of a lost passenger — stuck for 18 days — at the Sao Paulo airport in Brazil.

He didn’t speak any Portuguese, had no money, and said his friend never showed up to pick him up.  

Singapore is not the only place you’ll find facial recognition when you fly.

U.S. customs uses facial recognition, maybe not to locate lost travelers, but to find people who actually don’t want to be found.

 


 

Main image: Example of a factory. Image credit: Skitter Photo