Saturday, September 19, 2015

Huawei advisory for HWPSIRT-2015-05103

Huawei published advisory on Huawei MBB (Mobile Broadband) product E3272s.

It's all about "Bootkit via SMS" research presented at PacSec and HITB by Timur Yunusov, Kirill Nesterov, Alexander Zaitsev.

More info: Huawei-SA-20150817-01-MBB

Huawei states it's a DoS. Let it be the DoS.


Monday, September 14, 2015

Sunny WebBox Fix

CVE-2015-3964: SMA Solar Technology AG Sunny WebBox (monitoring solution for medium-sized PV plants) Hard-coded Account Vulnerability is fixed. Presented at 31C3 by Alexander Timorin.

Thursday, August 6, 2015

SCADA with antenna

Sometimes you can meet a SCADA with antenna.
Sometimes it's a old and boring 802.11 Wi-Fi antenna.
Sometimes it's a cool bright new 3G/4G device.

Tuesday, August 4, 2015

A Few Facts on IEC61850 in China

A Few Facts on IEC61850-based Substation Integration & Automation in China by Mr Jim Y Cai, Dr Gao Xiang and Dr. Jun Zha:
- In 2013, 10 000 substations from 35KV to 10000KV with 100% 61850 based IEDs are in operation
- By the end of 2013, there are 893 fully digital substations with process bus are in operation

See you there

Monday, July 20, 2015

Bootkit via SMS (updated)

Updated slides of Bootkit via SMS research as presented at HITB by Timur Yunusov
and Kirill Nesterov.
New stuff: user tracking, "infection" statistics, suddenly vxWorks.

Monday, May 18, 2015

Friends don't let friends put SCADA on the Internet

New analytic research on ICS components vulnerabilities.

146 137 are online, (at least) 15000 can be hacked by script-kiddie.

Pictures below