A new study found 25 vulnerabilities in the computer system used to control power plants across the U.S. and Canada that leave the electricity grid open to hacking. Hackers would be able to overheat the plants, cause them to malfunction or even shut them down completely.
These power plant vulnerabilities had never been seen before, primarily because the protocols that control the power plants are not connected to the rest of the Internet. They were also thought to be so obscure that no one outside of the power plants had the type of knowledge necessary to exploit these flaws.
The outside consultants who found the weaknesses within the power plants warned that this merely creates an illusion of security. Adam Crain of Automatak told Wired that a hacker could connect to a remote substation and easily access the network to take out potentially hundreds of power plants.
Automatak identified the vulnerabilities as part of an ongoing search for hacking weaknesses, called Project Robus. Most of the weaknesses allow hackers to put the servers controlling the power stations into infinite loops, blinding the operators to the conditions on the ground.
One weakness, however, is especially threatening. It allows a hacker to perform a buffer-overflow attack, in which more data is written to a memory buffer than it can hold, so that the excess overwrites adjacent memory. If a hacker could use this to inject code into the servers, they could take over the entire system, the BBC reports.
Automatak has reported the weaknesses to the US Department of Homeland Security and the designers of the computer systems.
Hacker attacks on infrastructure are a growing security concern. The U.S. Army identified a hacker who gained access to the National Inventory of Dams back in August, and tracked the hack back to China.