"These Hackers Showed Just How Easy It Is to Target Critical Infrastructure"
Two Dutch researchers won $90,000 and a championship trophy at Pwn2Own Miami 2022, a hacking contest focused on Industrial Control Systems (ICS), by hitting the software that runs the world's power grids, gas pipelines, and more. Daan Keuper and Thijs Alkemade targeted a communications protocol called OPC UA that is used by different parts of a critical-operations system to talk to each other in industrial settings. They successfully demonstrated the possibility of bypassing the trusted-application check. Keuper emphasized that OPC UA is widely used in the industrial world as a connector between systems, thus making it an essential component of typical industrial networks and a significant finding that its authentication can be bypassed to read or modify anything. Another notable target at Pwn2Own was the Iconics Genesis64, a human-machine interface tool that hackers can infiltrate to take down critical targets while tricking human operators into thinking nothing is wrong. The Iconics Genesis64 was hacked at least six times, giving attackers complete control. The teams who took the challenge of hacking Iconics Genesis64 won a total of $75,000. This article continues to discuss achievements made at Pwn2Own 2022, other hacks demonstrated by Keuper, and the importance of bolstering the security of critical infrastructure.