FactoryTalktotheHand
Member
I mean, I kinda see it, but Stuxnet mostly attacked the engineer's programming PC, not the PLC. Nothing they've done would prevent a virus from infecting their Codesys based programming software, and then downloading a slightly modified project to the controller.
To me, reverse engineering prevention is protection for the vendor, not the customer.
Not mostly, entirely. That was the attack vector: Programming PCs connected to the internet. Plus, it pretty much could have only been accomplished by a government, most likely the U.S. and Israel. The level and type of knowledge required is something only a government would have access to. Otherwise, it was some rogue Siemens engineer with a double major in computer hacking who prioritized ruining Iran's nuclear centrifuges over personal gain. I think Occam's razor comes into play, here.
The idea that someone would reverse-engineer an I/O card, sell it commercially, unleash a virus onto the automation world, and not have it traced back to them in a million different ways and get caught is just patently absurd.
Besides, you think someone this intelligent with that bad of judgement is going to be stopped by a mere lack of pins?
What really happened was that someone invented a solution no one asked for for a problem that doesn't exist, and the CEO is desperately trying to convince people there is a problem where there isn't, and that you want something when you don't.
Last edited: