Security firms IOActive and Embedi released a report yesterday (January 11, 2017) which says that most industrial IT systems operated across the world that use Industrial Control Systems (ICS) technology are vulnerable to cyber attacks.
Researchers from Embedi, a cybersecurity startup, say that more than 147 cybersecurity vulnerabilities were found in 34 mobile applications used with Supervisory Control and Data Acquisition (SCADA) systems.
The study claims that once a hacker gains access to the mobile application, they can easily disrupt an industrial process, compromise industrial network infrastructure, or cause the SCADA system to work against normal operations.
Note: The mobile applications were selected at random from the Google Play Store.
Remember, the research results perfectly coincide with what was disclosed by UK-based think tank Chatham House last week. The disclosure says that the integration of digital technology into nuclear weapons is making them vulnerable to hackers seeking to sabotage the systems by illegitimately interfering with their operations.
"The research suggests that the current crop of ICS mobile apps do not have a higher quality code which makes them mitigate risks related to cyber threats on Industrial IT Systems," said Jason Larsen, Principal Consultant, IOActive.
Factually speaking, the recent study is a follow-up to a similar study made by Black Hat in 2015. The study made at that time discovered a total of 50 issues in 20 mobile apps used to control industrial IT systems. Now, the situation seems to have deteriorated, as 147 vulnerabilities from 34 applications have come to light.
The IOActive and Embedi research focused mainly on testing software and hardware, using methods such as reverse engineering and back-end fuzz testing, in which automated software is used to test the stability of a control system for crashes, failed code assertions, or any kind of data leak from memory.
Both companies have informed the affected vendors and are coordinating with them to ensure a fix is released in time.