Hackers Could Blow Up Factories Using Smartphone Apps (technologyreview.com)
An anonymous reader quotes a report from MIT Technology Review: Two security researchers, Alexander Bolshev of IOActive and Ivan Yushkevich of Embedi, spent last year examining 34 apps from companies including Siemens and Schneider Electric. They found a total of 147 security holes in the apps, which were chosen at random from the Google Play Store. Bolshev declined to say which companies were the worst offenders or reveal the flaws in specific apps, but he said only two of the 34 had none at all. Some of the vulnerabilities the researchers discovered would allow hackers to interfere with data flowing between an app and the machine or process it's linked to. So an engineer could be tricked into thinking that, say, a machine is running at a safe temperature when in fact it's overheating. Another flaw would let attackers insert malicious code on a mobile device so that it issues rogue commands to servers controlling many machines. It's not hard to imagine this causing mayhem on an assembly line or explosions in an oil refinery. The researchers say they haven't looked at whether any of the flaws has actually been exploited. Before publishing their findings, they contacted the companies whose apps had flaws in them. Some have already fixed the holes; many have yet to respond.
FUD (Score:5, Insightful)
Oh look, it's the "hackers can bomb you with your own computer" headline again.
This time featuring smartphones and apps; oh boy, that changes everything!
Re: (Score:3)
Well, factories are full of stuff that can kill people and controlling those things with something an operator might treat as a personal device certainly increases the attack surface.
So maybe we're not talking about new possibilities here, but we may be talking about a new set of probabilities.
Re: (Score:2, Funny)
Dump truck bombs make you look inept to the other world powers.
In a way, you are saying that using Dump trucks makes you look like Trump. <ducks/>
Re: (Score:2)
Oh, come now. You can't figure out why a *remote attack* that can be executed against a virtually limitless number of targets using their own facilities and leaving no forensic trail back to you might not be just a teensy bit preferable to a truck bomb?
Re: (Score:3)
Factories are full of stuff that can kill people, and preventing them from killing people has nothing to do with controlling them, and everything to do with independent safety mechanisms.
Any modern plant maintained to any HSE or OSHA minimum standards would allow the control system to do whatever the hell it wants without blowing something up or killing anyone.
Sure there's a shutdown risk, but the major risks should be controlled in a way independent of something someone at a console could do.
Re: (Score:1)
Ah, yes & no - those protections you speak of are in the PLC and controller code, which may well be able to be changed via these apps or vulnerabilities exposed to or by these apps.
Of course, we try to ensure no console/operator can blow things up, but they can do many bad things, like mix explosive chemicals, run at unsafe speeds/temps with various material mixtures, over-tension, etc. The control system can't know everything in complex systems.
Plus lots of systems have manual modes and sequencing that
Re: (Score:2)
Ah, yes & no - those protections you speak of are in the PLC and controller code, which may well be able to be changed via these apps or vulnerabilities exposed to or by these apps.
No and no. There's no safety systems vendor in the world that provides an "app" that can write to a safety system, and PLCs and controller codes are far from the only systems. Thermal protection for machines is often independent of safety and controllers, for electrical they sit in the electrical protection domain even for things like temperature. For pressure protection there are relief valves, and bursting discs. For flow protection we have check valves (which admittedly spend more time in a jammed state
Re: (Score:1)
...Or it could be an app used to update/program the machine's firmware... in which case all bets are off when you can inject what you want into the brains of the machine if any of its safety features are dependent on s
Re:FUD (Score:4, Insightful)
Why would any important system be controlled by a smartphone app anyway? That's just dumb. And why would these apps be put on Google Play for the public to see? No operator is going to use an app to control machinery; instead they're going to look at the dials, use an official computer on-site, and so forth. Maybe in the IT world the sysadmin works from home, but in any mission critical application the workers are always on site.
Any apps used are likely for field service workers to get a quick update (what jobs are left to do, verify that changes are being propagated before packing up, etc). Even then, have you tried using a smartphone or tablet while wearing safety gloves?
It would be nice to see some examples of the kind of apps that are being used this way in the article.
Re: (Score:2)
Raw access to writing back-end registers would seem like an extremely odd design choice to be sure. There are apps that can initiate pre-programmed sequences (with safety interlocks handled upstream), adjust setpoints (with range checking still handled upstream), and pull telemetry and production data.
I can see how you could be a nuisance via tablet/smart phone app, but hopefully it would at least require a password. Re-programming safety checks though seems like terrible design.
Re: (Score:2)
I think there's a group of FUD people out there with regards to SCADA, smart grids, or even embedded systems in general. So we see these sorts of doom and gloom stories quite often that turn out to not have much to them except for the initial panic.
Re: (Score:2)
I am a Controls Engineer, i.e. I maintain, code, spec, etc. systems like this. Not a programmer for the vendors who make the software, but end user at a plant using controls software and hardware to make things happen.
The smartphone is not controlling anything, it is the window to look into the controls system to see what is happening.
All of the major companies are designing applications that can do the same thing the operator interfaces do from a smart phone that is connected to the same network as the ma
Re: (Score:2)
The idea is that in a system that has a minimum of good sense at the time of design, you have layers of protection of different kinds that prevent a potentially catastrophic command from being executed, and you also design knowing that your control system may have problems and may try to execute exactly these commands that can be catastrophic. Then you put prote
Re: (Score:3)
One of the problems with ICS systems and others like them is that they assume that the operator knows what they are
Re: (Score:2)
I'd like to know what fantasy world you live in where I have competent people designing such systems all the time. My auto-tie baler destroyed itself because the physical limit switch failed, brand new by the way from a very reputable manufacturer. It should have never happened, but it did.
If what you stated is true, I wouldn't have half the problems I have with quite a lot of manufacturers. Point being, not everything is so cut and dry as you state and there are a whole lot of incompetent people building e
Re: (Score:2)
"I worked in a power plant and in this plant you do things right as I described or really, really bad things happen."
It'll come, don't worry. Our utility company here, Edison, is already full of growing incompetence. I already have an undersized transformer that glows in the dark supplying my service. Edison laid off a lot of important people, people that I've actually had the pleasure to study their work because they're the ones that wrote the book on anything medium to high voltage stuff.
"And to be hon
Re: (Score:2)
Short version: Equipment which can "explode" because of ridiculous "superhackers" only happens in Hollywood or when you have a completely incompetent engineer, and I seriously doubt you're going to entrust a multi-thousand dollar rig to an incompetent engineer.
I replied to another of your posts, but let me say again here:
I am a controls engineer, do this for a living, know industry standards.
Yes, you have layers of protection to prevent things from happening, but the electrical with a mechanical back up you
Re: (Score:2)
No no, the mechanical protection I have described is of another type. There are several examples I can give, but let's take one of the simple ones: imagine some system where if valve A is open then valve B needs to be closed and vice versa; the valves MUST not open at the same time. In a normal situation you have a PLC deciding when to open and close the valves, but the valves contain a mechanical limiter such that when valve A opens the mechanism locks and prevents opening of valve B (and vice versa). Then even if the PLC orders the two valves to open, only one will be able to open because of the mechanical blocking (this also exists for electric keys).
Yes, those things exist and are used, but more often they are not used.
Even if you use those kinds of mechanical limits, there are more scenarios than I can count where those are not practical or even possible, and you can fire open 2 valves if you have access to the code and can blow stuff up, or vent something to atmosphere, or overwhelm a wastewater treatment plant.
When it comes down to it, most things in life are protected by the code of the systems, either process controls systems or safety instrumented
Re: (Score:1)
So yeah, anyone that really wanted to be nefarious can seriously d
*MISSION IMPOSSIBLE* (Score:1)
Anyone old enough to have watched the "Mission Impossible" TV series knows too well how this goes ...
They fed one single punch card into a card reading machine and suddenly the bad guy's computer (a cabinet with lots of flashing lights) went totally haywire, with smoke billowing out.
Fifty-something years later (this is 2018, btw), do we have to continue being bombarded with this kind of bullshit?
Re: (Score:2, Interesting)
While you're correct, I would point out that it *is* a direction which several separate things are actively *attempting* to move us towards.
On one side you've got businesses who will cut costs at any opportunity, and only ever keep the bare minimum of safety the law mandates - or lie about having it as we may recall with the BP spill among other incidents. The more that can be done from across the globe with the less workers possible, the better. As long as it can be someone else's fault when everything goe
Re: (Score:2)
Oh look, it's the "hackers can bomb you with your own computer" headline again. This time featuring smartphones and apps; oh boy, that changes everything!
That said, poor security and factory machines accepting commands from smartphone apps does sound like a rather bad idea.
Blow up an oil refinery? (Score:2, Informative)
OK let's say you have enough knowledge to do this remotely. Even if you can manipulate process automation through a smartphone app, it's a sure bet you can't change most of the limits or permissives. There are specific reasons why process and power are designed to prevent this and covered by ASME or API codes. It's not random or arbitrary design. And while there are industrial accidents they are usually a chain of multiple failures or unforeseen problems in the design no one anticipated.
This article is
Re: (Score:1)
You have no idea how insecure some industrial systems are. I remember having found unauthenticated remote administration modems directly connected to industrial production robots when on a pentest project. You could do a lot of bad stuff with such an access - kill the machine or even the operator, if you are lucky (or not). Granted, this was some 10 years ago, but I doubt the situation is much different today, as you don't replace industrial systems that frequently. The systems I was testing were from the 8
Only works on factories run by morons (Score:2, Informative)
1st rule of internet security: Only hook something to the net if it must be hooked to the net to do its job.
2nd rule of internet security: If a system is hooked to the net to allow monitoring, make it only capable of transmitting onto the net, and not receiving from the net.
3rd rule of internet security: Do not hire morons who will plug a memory stick into a unit that's not on the net, after that stick has been in a unit that is on the net.
4th rule of internet security: Disable any wireless connectivity on
Re:Only works on factories run by morons (Score:5, Insightful)
Organizations that blame their security issues on "morons" are unlikely to develop an effective security posture.
Re: (Score:3)
By "moron" this means the people creating the security procedures, or the workers who refused to take the proper training. The solution is to fire those workers. I.e., the poster did not mean you should blame the workers who are morons, but meant that essentially no company is being this stupid unless it's actually being run by morons. In that case, you can blame the morons who are running the company.
Re: (Score:3, Interesting)
But that would need more workers on site. They will fully unionize over the long shifts and demand a "living wage".
The idea of hooking something to the net was so one trusted engineer could do the jobs of many on site workers.
Without the internet local workers would have to be hired on site again and they will unionize.
Re Do not hire morons who will plug a memory stick into a unit that's not on the net, after that stick h
Morons are too clever (Score:3)
3rd rule of internet security: Do not hire morons who will plug a memory stick into a unit that's not on the net, after that stick has been in a unit that is on the net.
Not possible. If you don't want a memory stick plugged in then you will have to physically remove access. Even smart people with the best of intentions make mistakes or sometimes are duped.
4th rule of internet security: Disable any wireless connectivity on systems you are not intentionally hooking to the net.
Wireless (and wired) connectivity systems should be disabled by default and require positive action to enable. End users should not have the rights to enable this functionality.
5th rule of internet security: Do not hire anybody who would violate the preceding four rules.
And how do you propose to identify these people ahead of time, since they don't carry Bill Engvall "I'm stupid" [wikipedia.org] signs?
Re: (Score:2)
The wireless access is provided to address real-world problems, start-up/commissioning are the most common from the manufacturer/OEM side, giving status and supply level data to floor managers, and eliminating the need for everything to be controlled from the control room.
These things all increase attack surface, but they are ultimately part of running a lean operation, so they are here to stay.
Red Storm Rising (Score:1)
In the 1980's (Score:4, Funny)
Someone preppy who is photogenic has a modem and a new computer.
They had the phone number of their local power plant.
They created a script to dial every extension and only keep the number of any phone number extension that responded to a modem.
A day later they got a direct line to a modem in the power plant and could interact in computer ways with the local power company...
Black helicopters, federal law enforcement in suits swarm the local town looking for the computer owner.
In 2018 the movie has to have an app. The messages to and from the power plant are now all on social media and have a pretty GUI.
Re: (Score:2)
With that, another nation's spy agency/contractors can cross reference all workers for crimes, illegal lifestyles, gambling debts, unfaithfulness, strange expensive hobbies, the need for a holiday, health problems, addictions.
A person who is susceptible to needing a lot of cash or has something to hide.
That trusted person can then be asked to do things on site or hire a new person who will.
Most good companies do penetration testing to see
Re: (Score:2)
True, and direct access to the ladder logic from the floor via an app is terrible security protocol, unless you have hardwired safety interlocks for range and sequence. You shouldn’t be able to start a pump with the suction and discharge valves closed as an example.
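The commenters above describe the same defensive pattern three ways: setpoint range checks and interlocks "handled upstream" of the app, a mechanical limiter that stops valves A and B opening together, and a pump that must not start with its suction and discharge valves closed. The following is an added example, not code from the article, any commenter or any vendor, of a command gateway that sits between a mobile client and the controller and enforces those rules itself, so a tampered app cannot relax them; all tag names, valve names and limits are constructed.

```python
# Added example: server-side command gateway upstream of a mobile app.
# Limits, permissives and interlocks live here, never in the client.
from dataclasses import dataclass, field


@dataclass
class PlantState:
    """Constructed toy plant: mutually exclusive valves A/B, a pump with
    suction/discharge valves, and a single temperature setpoint."""
    valves: dict = field(default_factory=lambda: {
        "A": False, "B": False, "suction": False, "discharge": False})
    pump_running: bool = False
    setpoints: dict = field(default_factory=lambda: {"reactor_temp_c": 80.0})


# Engineering limits are held server-side (constructed values).
SETPOINT_LIMITS = {"reactor_temp_c": (20.0, 120.0)}
# Valve pairs that must never be open together: the software twin of the
# mechanical limiter described in the thread (still keep the hardware one).
EXCLUSIVE_PAIRS = [("A", "B")]
# Permissives: equipment -> valves that must be open before it may start.
START_PERMISSIVES = {"pump": ("suction", "discharge")}


def check_open_valve(state, valve):
    if valve not in state.valves:
        return False, f"unknown valve {valve!r}"
    for a, b in EXCLUSIVE_PAIRS:
        if valve in (a, b):
            other = b if valve == a else a
            if state.valves[other]:
                return False, f"interlock: {valve} blocked while {other} is open"
    return True, "ok"


def check_start(state, equipment):
    required = START_PERMISSIVES.get(equipment)
    if required is None:
        return False, f"unknown equipment {equipment!r}"
    closed = [v for v in required if not state.valves[v]]
    if closed:
        return False, "permissive not met: closed " + ", ".join(closed)
    return True, "ok"


def check_setpoint(tag, value):
    if tag not in SETPOINT_LIMITS:
        return False, f"unknown tag {tag!r}"
    try:
        value = float(value)
    except (TypeError, ValueError):
        return False, f"non-numeric value {value!r}"
    lo, hi = SETPOINT_LIMITS[tag]
    if not lo <= value <= hi:
        return False, f"{tag}={value} outside [{lo}, {hi}]"
    return True, "ok"


def apply(state, cmd):
    """Validate one app command (a dict) and mutate state only if accepted.
    Returns (accepted, reason) so every rejection can be logged and alerted."""
    kind = cmd.get("cmd")
    if kind == "open_valve":
        ok, why = check_open_valve(state, cmd.get("valve"))
        if ok:
            state.valves[cmd["valve"]] = True
    elif kind == "close_valve":
        ok = cmd.get("valve") in state.valves
        why = "ok" if ok else f"unknown valve {cmd.get('valve')!r}"
        if ok:
            state.valves[cmd["valve"]] = False
    elif kind == "start":
        ok, why = check_start(state, cmd.get("equipment"))
        if ok:
            state.pump_running = True  # single-pump toy; extend per equipment
    elif kind == "set":
        ok, why = check_setpoint(cmd.get("tag"), cmd.get("value"))
        if ok:
            state.setpoints[cmd["tag"]] = float(cmd["value"])
    else:
        ok, why = False, f"unknown command {kind!r}"
    return ok, why
```

Rejections return a reason string rather than raising, so the gateway can feed a rate of rejected commands per client into monitoring; a sudden burst of out-of-range setpoints from one device is itself a useful detection signal.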
Here's something to worry about (Score:5, Interesting)
Re: (Score:3)
Question, when did you last stop the production in order to apply windows updates? What's that I hear, never in the last 10 years?
Re:oh no! you stopped the conveyor line~ (Score:4, Insightful)
no longer a threat (Score:2, Insightful)
Phewww - that was close! But thanks to the diligent bi-partisan efforts of our legislators and the brilliant patriotic leadership of our businesspersons, the United States is safe from this threat. We have no factories left for anyone to blow up.
Re:no longer a threat (Score:4, Interesting)
Of course, if you were going to be that destructive, it would be much safer to drive around in a white diesel van with a PTO and an electromagnetic pulse generator and simply cause widespread chaos on the move. Pretty hard to track you down, as all the tracking systems and agencies go down and you are only noticeable by the fact you are still moving, whilst everything else is coming to a halt, with the damage and impact tied to the power output of your EMP device and how many kilometres you can travel with it pulsing away. Don't do this, it would be bad, seriously, but you know where this is going; it has been said again and again. When governments hack governments, the next step is EMP attacks; it is inevitable that it will escalate to this, and you can bet corporations will attack corporations, billions at stake.
Internet and intranet access should not mix (Score:3)
If you allow remote access to factory systems with anything other than special purpose laptops with hardware VPN and zero Internet access, you're doing it wrong. Any data crossing from internet to intranet should require red tape, any software mountains of red tape (all on physically archived paper). Any data from intranet to internet should be across buses verified to be strictly unidirectional (i.e. not TCP/IP with some ungodly complex stack written in C).
Almost everyone is doing it wrong ... the only place you should BYOD is the unemployment line.
Re:Internet and intranet access should not mix (Score:5, Interesting)
East Germany faced just that problem. One day a trusted member of staff walked out with a list of East German spies in other nations.
Before creating new trusted spy networks with new names something had to be done to prevent a list of spies ever walking out again.
Details about mission, the spy codename, the real identity got split up into very different physical files kept separated.
Nobody could ever put the real name to the results of a mission without mountains of red tape to walk each file together and see a person's name linked to a mission.
East Germany then went digital.
The East Germans thought it would be good to have a full list that could be accessed if spies had to be given new missions very quickly.
The CIA walked out with the list of all their spies.
The same was used for NSA compartmentalization until the political rush for private sector contractors resulted in walk outs.
The storing of some US gov/mil/contractors/workers information, clearance levels, past work, mission history, lifestyles in plain text on internet facing computers.
Political parties who have trusted staff walk unencrypted data to the waiting media.
So much is done to save time, for politics, for cost savings that later results in vast amounts of data walking.
No apps needed, as everything is in plain text; that's how it's been used every day.
Re: (Score:2)
The US stored some of its workers, contractors, some gov/mil background information in plain text on internet facing networks.
That copy kept in plain text, copied out onto the internet gave away all information about some workers life, some work within the US gov/mil. The skills set they had. Any past lifestyle issues with say gambling, healthcare, past le
Re: (Score:1)
I was developing an experimental medical monitoring device; we couldn't legally use anything electrically connected on a patient without FDA approval, and we couldn't get FDA approval without patient testing.
The standard approach in such situations is to send the data over unidirectional fibre optics from the device to the data logger (a laptop in this case). Physically impossible to send anything back along that connection with the hardware we were using; the transmitter had no ability to receive signals a
Exploit them (Score:3)
The only way we are going to see any change in the industry is if it starts costing them money because simply continually cleaning up the messes of careless companies isn't going to change their attitude toward security. The reality is that you are actually enabling them to continue on with their poor security practices.
Security researchers, Ivan Yaganoff & Ima Chir (Score:1)
Just out of curiosity, do all "security researchers" come from shithole countries?
Re: (Score:3)
Damn Slashdot stepped on my joke. The subject line of my above comment was supposed to be,
New copy... (Score:1)
unconscionable (Score:1)
Some /. headlines and summaries are bad, some are misleading, and some are unconscionable. It is hard to imagine that competent companies and engineers can design their systems so stupidly as to allow "hackerZ to BLOW UP FACTORIES USING SMARTPHONE APPS". Yes, incompetence happens. Yes, competent terrorism/vandalism happens. But no, the presumption is that this jump of imagination is simply an unethical sen
Actually it is hard to imagine (Score:4, Interesting)
Any refinery or chemical plant that is even remotely compliant with HSE rules should have very limited exposure to anything the control system can do to cause a truly major incident.
Sure it is trivial to shut it down or trivial to do something like cause catalyst or product to go to where it shouldn't. But any scenario that could cause something like an explosion should be identified and protected by safety systems independent of control systems and unable to be directly controlled.
Even when you look at oil industry incidents recently you can see the majority of accidents are due to mismanagement or bypassing of safety barriers for abnormal reasons which aren't properly risk assessed.
This potential scenario is one of the reasons the TRITON / TRISIS [slashdot.org] malware we covered recently got so much interest, and likely one of the reasons why the attacker was attempting to modify the code in the safety system.
Don't they follow the "2 mechanical backups"... (Score:2, Informative)
rule. When I was working with high voltage semiconductor equipment, the rule was that there had to be 2 electromechanical (i.e. not computer controlled) backup systems to 'safe' things before they could be accessed. Seemed sensible to me. Is this not followed anymore?
My first thought: (Score:2)
Real life "Watchdogs". Nice. Gotta love this IoT nonsense everybody's into lately.
What a disappointment (Score:2)
Have you never heard of SCADA or Project Aurora (Score:2, Informative)
SCADA (process control) networks have long been known to have vulnerabilities that can be exploited in the real world. Further, project Aurora proved you could cause a generator to explode with the proper SCADA inputs. Just because they are front ending the mess with apps doesn't change anything.
Already demonstrated in the wild, you forget? (Score:1)
Damn y'all naysayers forgot about Stuxnet fast.
for those saying it is FUD (Score:1)
I will just leave this here:
https://www.youtube.com/watch?... [youtube.com]
I think people overestimate engineers consistently and fail to understand the context of an engineer's work in today's world. It's all fine and dandy to say that proper engineers would never do things like this or allow control of dangerous processes to have contact with the outside world, but engineers are people too, people who have bosses who tell them what to do. They are also afflicted by project costs and inter-office politics, so much so that
Imagine (Score:2)
It's not hard to imagine this causing mayhem on an assembly line or explosions in an oil refinery.
Yeah I can imagine a lot of things. Can these flaws actually be used to blow something up, or just imagine it?