DHS is taking the findings of researcher Justin W. Clarke seriously, investigating his claim that Siemens RuggedCom products could be exploited to attack critical infrastructure.

Researcher Justin W. Clarke says he has discovered a way to spy on traffic moving through networking gear from Siemens’ RuggedCom division. Since the technology is used in a lot of critical infrastructure, DHS is taking notice.

The agency is investigating his claims, and its ICS-CERT division released a bulletin, saying, in part:

ICS-CERT is aware of a public report of hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS). The vulnerability with proof-of-concept (PoC) exploit code was publicly presented by security researcher Justin W. Clarke of Cylance Inc.

According to this report, the vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device. ICS-CERT notified the affected vendor of the report and asked the vendor to confirm the vulnerability and identify mitigations.

ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

Clarke told the Reuters news agency the discovery of the flaw is disturbing because hackers who can spy on communications of infrastructure operators could gain credentials to access computer systems that control power plants and other critical systems.

“If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you,” Clarke said.

This is the second time in three months that Clarke has found trouble in RuggedCom products. In May, RuggedCom released an update to its Rugged Operating System software after Clarke found a back door account hackers could use to hijack systems.