PLCs are industrial automation computers used in factories, chemical facilities and power plants etc.
>>61394880
If he used SSH then what's the issue?
>>61394934
PLCs should never be connected to the Internet.
What if his iPhone is compromised?
>>61394934
The issue is that SSH should never be discoverable from outside the network - you should have to VPN in to access SSH.
Which he might have done, but historically PLCs that are set up this way are done so using the default admin/password from the factory, and they allow any external connections.
Shit like this is why SHODAN exists.
>>61394934
>b-but IoT is secure
You don't ever connect the internet to any embedded device. They aren't updated and maintained regularly, nor are they ever wiped/reimaged.
I could not fathom putting any radio on it, let alone WiFi of all things. He'd be lucky if becoming a DDoS slave is the only thing that happens to his PLC.
>>61394976
I use a key file to SSH into a machine that's fully visible on the net. What's the problem?
>>61394880
>without a computer
>using nothing but my iPhone
i dont thing this nigga should be touching any plcs at all
>>61394976
>ssh
>password
What the fuck am I reading?
I actually work at a chemical plant and I can assure you our PLCs don't let people fuck around with them from a cell phone.
>>61395546
>These 'people' have access to PLCs nowadays
Hate to think where we'll be in twenty years.
>>61395297
Exploits and flaws which allow one to bypass the standard authentication processes.
... And the ability for 7 billion people to try to find the exploit or flaw?
>>61395297
>>61397146
>Exploits and flaws which allow one to bypass the standard authentication processes.
>use a 100x LoC VPN implementation instead!
I'll use SSH to create a tunnel for my VPN. Using VPN to let users on your network is fucking stupid.
>>61395779
>Hate to think where we'll be in twenty years.
If history means anything, still in your basement.
>>61397300
optimistic
>>61395297
>ssh is perfect software
stop with this meme
I just hope their netsec guy has a full PCAP of his shenanigans and he gets written up. The cynical side of me knows he is the guy in charge though.
>>61397228
seriously it's the same public key scheme either way, there's no hard distinction between ssh/vpn