oceanwanderlust
Member
After reading too much about Sony, I decided to do a little investigation into the security of our facility. Googling "Omron PLC Security" returns a very scarey-nieve whitepaper as the first result.
This official Omron whitepaper claims that Omron PLCs are secure because hackers don't use FINS. However, I figure it would take me a few hours to write a kiddie-script Omron port scanner, and probably less than an additional day to figure out how to do something malicious! Furthermore, even password protected Omron PLCs seem to lock-out after a few login attempts, which would make a DOS attack trivial to implement.
Am I the only one who gets sick to their stomach reading something this stupid??
http://echannel.omron247.com:8085/marcom/pdfcatal.nsf/0/7CC1E9D8D2A1C3BF862573760063920C/$file/InternetAccessToPLC_whitePaper_en_200910.pdf
"The question becomes: ‘what security risk does this pose to the customer’? The answer is fairly simple: the security risk is very low"
"When a router is forwarding a TCP or UDP port to an Omron PLC, the traffic is being delivered to a non Windows based operating system. This makes the PLC impenetrable to standard hacking methods. The PLC will only respond to Omron FINS (Factory Intelligent Network Services) commands, not standard
Ethernet protocol commands."
This official Omron whitepaper claims that Omron PLCs are secure because hackers don't use FINS. However, I figure it would take me a few hours to write a kiddie-script Omron port scanner, and probably less than an additional day to figure out how to do something malicious! Furthermore, even password protected Omron PLCs seem to lock-out after a few login attempts, which would make a DOS attack trivial to implement.
Am I the only one who gets sick to their stomach reading something this stupid??
http://echannel.omron247.com:8085/marcom/pdfcatal.nsf/0/7CC1E9D8D2A1C3BF862573760063920C/$file/InternetAccessToPLC_whitePaper_en_200910.pdf
"The question becomes: ‘what security risk does this pose to the customer’? The answer is fairly simple: the security risk is very low"
"When a router is forwarding a TCP or UDP port to an Omron PLC, the traffic is being delivered to a non Windows based operating system. This makes the PLC impenetrable to standard hacking methods. The PLC will only respond to Omron FINS (Factory Intelligent Network Services) commands, not standard
Ethernet protocol commands."