Oil, gas field sensors vulnerable to attack via radio waves
Researchers with IOActive say they can shut down a plant from up to 40 miles away by attacking industrial sensors
IDG News Service - Sensors widely used in the energy industry to monitor industrial processes are vulnerable to attack from 40 miles away using radio transmitters, according to alarming new research.
Researchers Lucas Apa and Carlos Mario Penagos of IOActive, a computer security firm, say they've found a host of software vulnerabilities in the sensors, which are used to monitor metrics such as temperature and pipeline pressure, that could be fatal if abused by an attacker.
Apa and Penagos are scheduled to give a presentation next Thursday at the Black Hat security conference in Las Vegas but gave IDG News Service a preview of their research. They can't reveal many details due to the severity of the problems.
"If you compromise a company on the Internet, you can cause a monetary loss," Penagos said. "But in this case, [the impact] is immeasurable because you can cause loss of life."
The U.S. and other nations have put increased focus in recent years on the safety of industrial control systems used in critical infrastructure such as nuclear power plants, energy and water utilities. The systems, often now connected to the Internet, may have not had thorough security audits, posing a risk of life-threatening attacks from afar.
Apa and Penagos studied sensors manufactured by three major wireless automation system manufacturers. The sensors typically communicate with a company's home infrastructure using radio transmitters on the 900MHz or 2.4GHz bands, reporting critical details on operations from remote locations.
Apa and Penagos found that many of the sensors contained a host of weaknesses, ranging from weak cryptographic keys used to authenticate communication, software vulnerabilities and configuration errors.
For example, they found some families of sensors shipped with identical cryptographic keys. It means that several companies may be using devices that all share the same keys, putting them at a greater risk of attack if a key is compromised.
They tested various attacks against the sensors using a specific kind of radio antennae the sensors use to communicate with their home networks. They found it was possible to modify readings and disable sensors from up to 40 miles (64 kilometers) away. Since the attack isn't conducted over the Internet, there's no way to trace it, Apa said.
In one scenario, the researchers concluded that by exploiting a memory corruption bug, all sensors could be disabled and a facility could be shut down.
Fixing the sensors, which will require firmware updates and configuration changes, won't be easy or quick. "You need to be physically connected to the device to update them," Apa said.
Apa and Penagos won't identify the vendors of the sensors since the problems are so serious. They've handed their findings to the U.S. Computer Emergency Readiness Team, which is notifying the affected companies.
"We care about the people working in the oil fields," Penagos said.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Cyberwarfare White Papers | Webcasts