Industrial Infrastructure Vulnerable to Remote Tampering: Black Hat
LAS VEGAS—Industrial control infrastructure that is used to monitor and manage devices and sensors can be remotely exploited, potentially leading to a cataclysmic failure, according to at least two sets of researchers speaking at the Black Hat security conference this week.
Researchers from security firm IOActive detailed their findings in a session provocatively titled "Compromising Industrial Facilities From 40 Miles Away." The industrial automation and control systems (IACS) that IOActive researched use wireless sensors to collect data, explained Lucas Apa, security researcher and consultant at IOActive.
IOActive was able to report a fake measurement to the sensor data collection system. The fake measurement can change the way the backend industrial process will behave.
For example, if a low-temperature measurement is faked and sent to a system that expects a constant temperature, the system will then raise the temperature in the industrial process, even though it's not required. That increase in internal temperature could have catastrophic implications, with overheated systems that could explode.
The communications between sensors could be spoofed, even though the system apparently has a way to identify specific devices on the network, Apa said.
Another set of researchers from security firm Cimation independently found similar sorts of risks with pipeline infrastructure. In the Cimation test scenario, the researchers tricked the sensor into thinking there was less liquid in the pipeline than there actually was, leading the system to pump more liquid in, until it eventually bursts.
Researchers from both Cimation and IOActive said that the vendors at risk could issue firmware patches to mitigate the risk, but that's not always easily done.
Brian Meixell, security researcher at Cimation, noted that in the devices he looked at for process control, there are a number of components to consider. There are Windows machines that are pulling up data, and then there are the device sensors. He recommended that command-level filtering be implemented to mitigate the risk of rogue commands being issued and that process control systems not get public IP addresses that can be accessed by anyone.
Application whitelisting is another important technique that can help prevent rogue processes. An application whitelist details the applications that are permitted access to the network, rather than allowing access to anyone and anything.
While the fixes fall into the category of good network hygiene, when it comes to industrial control systems, common enterprise security practices have not been implemented.
Industrial control systems haven't been subjected to the same security research as enterprises in the past, which is a matter accessibility, Cimation engineer Eric Forner said. In the modern era where every device gets its own IP address, it's a real problem, he said.
"To a lot of people, this industrial security thing is just a black box," Forner said. "So I think the problem here is that industrial control system security hasn't been on the radar, because these were just remote systems that no one cared about."
Sean Michael Kerner is a senior editor at eWeek and InternetNews.com. Follow him on Twitter @TechJournalist.