Industrial automation software used worldwide to create and configure wireless radios that connect devices in environments such as oil and gas is vulnerable to attack by a hacker armed with an antenna from as far as 30 miles away.
Though the vulnerability in the ProSoft Technology RadioLinx ControlScape pseudo random number generator has been patched through a firmware update released last month, it’s unlikely many of these devices will be patched in short order. IOActive researchers Lucas Apa and Carlos Penagos said these devices are deployed in often difficult-to-reach locations and must be disconnected and attached to a PC to receive the update.