Zero-Click Flaws Discovered in UPS Devices

An uninterruptible power supply (UPS), sometimes known as an uninterruptible power source (UPS), is a piece of electrical equipment that supplies emergency power to a load when the input power source or mains power fails. Uninterruptible power supply systems are distinct from auxiliary or emergency power systems and backup generators in that they will offer near-immediate power protection against input power disruptions by delivering energy stored in batteries, supercapacitors, and/or flywheels.

Even though most uninterruptible power sources have a limited on-battery run-time (as little as a few minutes), they are powerful enough to activate a standby power source or appropriately shut down the protected equipment.

What Happened?

Researchers from Armis have discovered three critical security vulnerabilities in widely used smart uninterruptible power supply (UPS) devices that could allow for remote takeover, resulting in business disruptions, data loss, and even physical damage to critical infrastructure on the part of malicious actors.

The vulnerabilities, which have been nicknamed TLStorm were identified in APC Smart-UPS units, which are deployed in about 20 million locations across the globe. APC is a subsidiary of Schneider Electric, which is one of the world’s largest manufacturers of uninterruptible power supplies (UPS).

Armis has discovered a set of

Read More: