Yeah, I just watched the movie. Yippie Kah Yay, for sure. Nokia phones are sure handy. :-) As much as I love Matrix, which seemed a little far out with the nmap scan and the SSH CRC32 exploit, this one had a reasonable amount of plausibility. A SCADA device and a printer are not too far apart in terms of the services they offer over IP. These devices have protocols like ARP, IP, TCP, UDP, SNMP, FTP (warez on a voltage regulator anyone?), HTTP, etc. and yes they do have vulnerabilities. It has a lot to do with the Network Effect. While the utility and the value of the connected systems grows (for sure) with the number of systems connected, so does the attack surface, the complexity, the unknowns and the risks. Quoting Bruce Schneier, “Machines break, Systems have bugs“. Once you are on the network, it’s fair game for anyone to reach out to you.
Full Post »