One of the great fears of cybersecurity experts is that hackers will break into the computer systems used by energy facilities and the government's energy infrastructure, and cause massive destruction. So far, with few exceptions, hackers have not been able to get into these complex systems and cause physical damage.
But they're trying to. In December, for instance, Iranian hackers were able to access New York State's energy infrastructure, and the Department of Homeland Security has warned that ISIS is likely trying to get into the power grid, too. Fortunately, the Iranian hack didn't lead to any damage.
Now, a cybersecurity researcher has found an easy way for hackers to get into these systems and cause real damage. Reid Wightman, who presented his findings at the S4 Conference in Miami earlier this week, found a vulnerability that an everyday hacker without advanced skills could exploit.
He found that at least four companies that make variable-frequency drives, which are used to control the speed of motors, don't require any authentication to gain read-and-write capabilities. Meaning, without much effort, these hackers could hack into systems and change the speed of the motors.
If these motors are cooling facilities or keeping countless tons of water locked behind dams, you can only imagine the massive amount of destruction and loss of life that's possible. More troublesome, the makers of the motors intentionally make it easy for people operating them to find out the maximum speed the motor can go.