Industrial Infrastructure Vulnerable to Remote Tampering: Black Hat

Researchers at this week’s Black Hat conference discussed security weaknesses that could expose industrial control systems to risk

securityIndustrial control infrastructure that is used to monitor and manage devices and sensors can be remotely exploited, potentially leading to a cataclysmic failure, according to at least two sets of researchers speaking at the Black Hat security conference this week.

Researchers from security firm IOActive detailed their findings in a session provocatively titled “Compromising Industrial Facilities From 40 Miles Away.” The industrial automation and control systems (IACS) that IOActive researched use wireless sensors to collect data, explained Lucas Apa, security researcher and consultant at IOActive.

IOActive was able to report a fake measurement to the sensor data collection system. The fake measurement can change the way the backend industrial process will behave.

For example, if a low-temperature measurement is faked and sent to a system that expects a constant temperature, the system will then raise the temperature in the industrial process, even though it’s not required. That increase in internal temperature could have catastrophic implications, with overheated systems that could explode.


Read More