This is concerning considering reports of hackers targeting public utilities on US soil and beyond are on the rise.
Andrew Lemon from Red Threat revealed his findings in a pair of blog postspublishedlast week.
He had been digging into potential vulnerabilities in traffic control systems as part of a larger research project.
One gear that caught his attention was the Intelight X-1 controller.
Despite being a part of Critical National Infrastructure, the controller was exposed to the internet without authentication.
As he put it, “it’s a denial of service in the physical world.”
Q-Free’s legal counsel in a letter claimed that looking at the gear may have violated anti-hacking laws.
However, they admitted some may still be in use and encouraged customers to reach out for guidance.
But Intelight wasn’t Lemon’s only concerning find.
Masthead credit:Jonatan Hernandez
