HACKS THAT CAUSE physical destruction are so rare they can be counted on one hand. The infamous Stuxnet worm was the first, causing physical destruction of nuclear centrifuges in Iran in 2009. In 2014, Germany reported the second known case of physical destruction involving a furnace at a steel mill. Both of these attacks required extensive knowledge to pull off. But now a researcher has found an easy way for low-skilled hackers to cause physical damage remotely with a single action—and some of the devices his hack targets are readily accessible over the Internet.
The hack focuses on variable-frequency drives that control motors operating fans and pumps in water plants, mining operations and in heating and air conditioning systems. The drives are digital devices used to set and maintain the electrical frequency fed to the motors to control their speed. These motors in turn control things like water pumps, rock-crushing systems and air-compression equipment.
Reid Wightman, a security researcher with Digital Bond Labs, found that at least four makers of variable-frequency drives all have the same vulnerability: they have both read and write capability and don’t require authentication to prevent unauthorized parties from easily writing to the devices to re-set the speed of a motor. What’s more, the variable drives announce the top speed at which motors connected to them should safely operate, allowing hackers to determine the necessary frequency to send the device into a danger zone.
Read the Remainder at Wired
Reblogged this on Starvin Larry.
VFD’s ain’t cheap by themselves, where I work we have them blow up, literally, by themselves. They are very sensitive to voltage spikes and such and they are 35 grand apiece plus they have to send a tech to set up the software for the application.
Depending on the size of the motor, that could be another twenty and whatever the motor is turning……. as you can see this could be an extremely expensive bit of damage.
I wonder why Rockwell hasn’t addressed this yet.
Thanks for commenting! I appreciate input from anybody with this type of experience!