EEVblog Electronics Community Forum

Computing => Security => Topic started by: rgarito on February 09, 2021, 02:21:04 am

Title: Water system hack--this could have been REAL bad...
Post by: rgarito on February 09, 2021, 02:21:04 am
They apparently were using TeamViewer....  Not exactly the best remote access system...

https://www.wired.com/story/oldsmar-florida-water-utility-hack/ (https://www.wired.com/story/oldsmar-florida-water-utility-hack/)
Title: Re: Water system hack--this could have been REAL bad...
Post by: NiHaoMike on February 09, 2021, 02:35:08 am
If the Teamviewer app is the one that is supposed to have the "security fix", it definitely belongs in the dodgy technology section...
Title: Re: Water system hack--this could have been REAL bad...
Post by: JohnnyMalaria on February 09, 2021, 03:16:46 am
Dear WIRED reporter - what is PH? Is it like pH but louder?
Title: Re: Water system hack--this could have been REAL bad...
Post by: rgarito on February 09, 2021, 03:47:19 am
If the Teamviewer app is the one that is supposed to have the "security fix", it definitely belongs in the dodgy technology section...

As someone who works in the industry, based on the above statement you can move most discussion about security software into the dodgy technology section...  You would have nightmares if you saw the things I see every day ;)
Title: Re: Water system hack--this could have been REAL bad...
Post by: CatalinaWOW on February 09, 2021, 05:30:05 am
With some exceptions any lock is pickable and any code is breakable.  There should be some really deep thought put into whether the convenience of remote access is worth the risk.  While some systems are more secure than others I think experts in the area would agree that none are absolutely risk free. 

A lot of systems have been made accessible without any thought of how many crazy and/or malevolent people there are in the world.
Title: Re: Water system hack--this could have been REAL bad...
Post by: BradC on February 09, 2021, 06:20:37 am
With some exceptions any lock is pickable and any code is breakable.  There should be some really deep thought put into whether the convenience of remote access is worth the risk.  While some systems are more secure than others I think experts in the area would agree that none are absolutely risk free. 

A lot of systems have been made accessible without any thought of how many crazy and/or malevolent people there are in the world.

I have this discussion on a daily basis. Private enterprise clients are gradually coming around to air-gapping the security systems and the de-converging of IT and OT networks. Government clients on the other hand ....

I had the services manager of one of our larger building companies tell me "Daahhhnt worry Brad, it'll never 'appen".
Title: Re: Water system hack--this could have been REAL bad...
Post by: james101 on May 04, 2021, 03:33:19 am
TeamViewer is a system you do not trust at all its flaw.

if you have this on any systems remove it.

there are ways to sign onto anyone machine that is using teamviewer
does not matter if they dont know your ip address and password.