Black Hat: Compromising Wireless Devices

Thursday, August 1, 2013 @ 08:08 PM gHale


By Gregory Hale
Wireless continues its growth curve in the manufacturing automation sector; its benefits mean reduced costs in wiring, ensuring more safety as personnel don’t have to venture in dangerous areas to get readings and more access points to understand what is going on with the process.

“There are vulnerabilities in the wireless sensors used to monitor temperature and pipeline pressure, that could be fatal if abused by an attacker,” said researcher Carlos Mario Penagos of IOActive, a computer security firm, who teamed with Lucas Apa, who gave a talk entitled, “Compromising industrial facilities from 40 miles away” at the Black Hat conference Thursday in Las Vegas.

RELATED STORIES
Black Hat: ICS SCADA Honeypot Finds Threats
Black Hat: Weeding Out Insider Threats
Black Hat: NSA Know the Facts
DHS to Create Security Shop

Wireless devices are vulnerable from up to 40 miles away and the energy industry is susceptible, the researchers said.

The researchers gave a demonstration of how vulnerable a facility could be by showing a temperature with one device was dropping and the operator saw the decline. In reality though, the temperature was increasing and the plant ended up exploding after the process ran out of control.

“If you compromise a company on the Internet, you can cause a monetary loss,” Penagos said. “But in this case, [the impact] is immeasurable because you can cause loss of life.”

Apa and Penagos studied sensors manufactured by three major wireless automation system manufacturers. The sensors typically communicate with a company’s home infrastructure using radio transmitters on the 900MHz or 2.4GHz bands, reporting critical details on operations from remote locations.

The result of the study found vulnerabilities with three major vendors of the devices and, while they could not reveal their names, they showed how easy it was to break in.

One vendor’s password capabilities were weak.

“We found a really nasty way for them to create a password,” said Penagos.

Apa and Penagos found quite a few of the sensors contained a host of weaknesses, ranging from weak cryptographic keys used to authenticate communication, software vulnerabilities and configuration errors.

They tested various attacks against the sensors using a specific kind of radio antennae the sensors use to communicate with their home networks. They found it was possible to modify readings and disable sensors from up to 40 miles (64 kilometers) away.

In one scenario, the researchers found by exploiting a memory corruption bug, all sensors could end up disabled and they could shut down a facility.

Apa and Penagos handed their findings to the U.S. Computer Emergency Readiness Team, which is notifying the affected companies.



Leave a Reply

You must be logged in to post a comment.