Posted on January 12, 2018 at 5:41 PM
Despite their obvious utility, smartphone apps tailored to industrial processes now pose a serious threat to industry due to several security flaws.
Ever since the dawn of the smartphone and smartphone applications, companies, firms, and institutions have used this technology to create apps tailored to their work processes, allowing employees to control certain aspects of those processes from the comfort of their own homes. This is also true of the industrial sector, where factory employees can increase efficiency by having 24/7 remote access to machinery and processes. However, while this system is undoubtedly useful, it has also fallen victim to a host of cybercrimes. Recent research suggests that hackers could exploit certain apps tailored to the industrial sector to cause significant damage, such as destroying machines and factories.
Two noted security researchers, Ivan Yushkevich from Embedi and Alexander Bolshev from IOActive, conducted a year-long study of 34 different apps developed by major manufacturers such as Schneider Electric and Siemens. Upon concluding the study, the two researchers had discovered a total of 147 security flaws in the various apps. The researchers chose the apps through a random selection of apps available on the Google Play Store. They declined to state which apps contained the most security flaws and noted that only two apps demonstrated no security flaws whatsoever.
The various security flaws differed in nature. Certain flaws allowed interference with the data communicated between the app and a specific process or machine. This could pose a threat to companies. For example, the app might inform an employee that a certain machine is running at a safe temperature when it is actually overheating, which can pose a fire hazard. Other flaws enabled hackers to insert malicious code on the smartphone, which would send unauthorized commands to the servers responsible for controlling machine actions. It's easy to see why critical flaws such as these are a massive threat to several major manufacturers.
According to Bolshev, linking apps to machines is a useful albeit dangerous practice. The researchers stated that the impact of each flaw will differ widely depending on the scope of the flaw and the role of the machine or process in question. Some manufacturers, however, argue that they have several fail-safe systems in place that will limit the damage in the event of a cyber attack. In addition, several manufacturers' engineers stated that they use data from various sources, not just one app, before communicating commands to machines.
However, these arguments are not entirely persuasive, as hackers have previously demonstrated that they are capable of bypassing several defense mechanisms used by industrial companies. In addition, these flaws could also extend to higher-risk sectors such as public transport and power plants.
According to the researchers, they have not yet investigated whether any of the security flaws have actually been exploited. The researchers intend to notify the relevant companies of their app flaws before publishing their findings. While some companies quickly patched the flaws, several others have not yet responded.
Beau Woods, the cyber-safety innovation fellow at the Atlantic Council, noted that this posed a serious conundrum for all industrial businesses. According to Woods, mobile apps allowed machine operators to easily access the machine system remotely, which can make a huge difference in an emergency situation. However, Woods also noted that mobile apps brought some adverse effects, as they made companies vulnerable to malicious attackers.