Skip to main content

Hackers can take over nuclear power plants thanks to Industrial Ethernet Switches

faa bans drone flights over nuclear sites plant
Image used with permission by copyright holder
Thought large government agencies were the most alarming entities to fall victim to a cyberattack? Think again. According to new research set to be fully released at the Black Hat cybersecurity conference in Las Vegas next week, Industrial Ethernet Switches (IES), which are responsible for maintaining the internal networks of today’s factories, refineries, ports, and other industrial organizations, are vulnerable to hackers and cyberattacks. As the Daily Dot reported, these lapses in security could allow ill-intentioned individuals to “gain access to the network, take full control, and cause potentially fatal damage.” But don’t worry — researchers and scientists may or may not be working on fixing that.

The IES, which are rarely used in the everyday home setting but are commonplace in large-scale operations, especially those that could cause catastrophic damage in the case of a cyberattack, has a number of potential pitfalls that could prove problematic in certain scenarios. These pitfalls include the frequent use of “default passwords, hard-coded encryption keys, and a lack of proper authentication for firmware updates.” In combination with one another, these so-called “fundamental failures of security” form a hacker’s trifecta, making it relatively simple for attackers to access the systems in question.

Recommended Videos

Robert Lee, a security researcher and and active-duty U.S. Air Force Cyber Warfare Operations Officer told the Daily Dot, “Anything that the facility is capable of in its natural operating system, you’re [an attacker] capable of doing — and doing damage with if you control the network. With a power station, you can have major repercussions. With a hydroelectric dam, if you don’t monitor processes in a normal situation, it’ll spin out of control. Everything you have can be manipulated.”

Please enable Javascript to view this content

While Lee is working with risk researcher Eireann Leverett to address these shortcomings and assuage public fears about such issues, the process is an arduous one. Leverett told the Daily Dot, “All these vulnerabilities are pervasive and endemic. Most vendors haven’t done the basics,” particularly because when the equipment was initially installed, many of today’s threats were simply not yet present in the cybersecurity landscape.

But now that hackings have grown ever more common and robust, the time is rife for a complete security overhaul, especially among companies and infrastructure that need it most. “What we don’t have is awareness,” said Lee. “There is a massive lack of security awareness in the industrial control systems community,” and that’s where attention needs to be focused first.

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
On my son’s behalf, I sought out the smart glasses that ‘give sight to the blind’
A prototype of the Soliddd Vision smart glasses.

Like many 4-year-olds, there's nothing my son loves more than cars. Despite my own complete lack of interest in the topic, he can already identify make and model of cars from across the street with uncanny accuracy, spurred on by his growing collection of Matchbox and Hot Wheels.

But as we've had to explain to him, we still don't know if he'll be ever to drive one himself. The brain tumor that he was born with left him with stunted vision, particularly in one eye, with little hope of improvement.

Read more
The RTX 5060 will be Nvidia’s most important GPU, and I’m worried about it
Two graphics cards sitting on top of each other.

Nvidia just finished revealing its range of new RTX 50-series GPUs, the first of which will arrive in just a couple of weeks. They're some of the best graphics cards ever made, according to Nvidia, and for the flagship RTX 5090 that clocks in at $2,000, I believe the company. Lower down the stack, however, I'm concerned.

For the past couple of years, there's been a growing issue surrounding graphics cards with 8GB of VRAM, which is something we've seen on full display with games like Indiana Jones and the Great Circle. Despite backlash in the previous generation concerning releases like the RTX 4060 Ti, I'm worried that Nvidia will repeat the mistakes of the past when the RTX 5060 inevitably rolls around.
It'll be popular

Read more
ChatGPT just dipped its toes into the world of AI agents
OpenAI's ChatGPT blog post is open on a computer monitor, taken from a high angle.

OpenAI appears to be just throwing spaghetti at this point, hoping it sticks to a profitable idea. The company announced on Tuesday that it is rolling out a new feature called ChatGPT Tasks to subscribers of its paid tier that will allow users to set individual and recurring reminders through the ChatGPT interface.

Tasks does exactly what it sounds like it does: It allows you to ask ChatGPT to do a specific action at some point in the future. That could be assembling a weekly news brief every Friday afternoon, telling you what the weather will be like in New York City tomorrow morning at 9 a.m., or reminding you to renew your passport before January 20. ChatGPT will also send a push notification with relevant details. To use it, you'll need to select "4o with scheduled tasks" from the model picker menu, then tell the AI what you want it to do and when.

Read more