Researchers at Trend Micro, a cybersecurity company, and the Politecnico di Milano analyzed potential entry points and attack vectors in smart manufacturing environments and discovered several new vulnerabilities.
Traditional malware often makes its way into industrial environments and is often detected by existing security solutions, but advanced attackers targeting industrial enterprises are more likely to launch attacks aimed specifically at operational technology (OT) systems, both to make their attacks more effective and to reduce the likelihood of detection.
The Politecnico di Milano has a dedicated Industry 4.0 laboratory whose production equipment is the kind normally used in real conditions. Trend Micro partnered with the university to find out how attackers can access production environments and what actions they can take once inside.
The study, which resulted in a 60-page report, examined three main areas: engineering workstations, custom industrial Internet of Things (IIoT) devices, and manufacturing execution systems (MES).
One of the most important entry points is the engineering workstation, which is often connected to equipment on the factory floor. Engineering workstations are used to program PLCs and HMIs, so access to one can be very useful to an intruder, allowing them to obtain confidential information, move laterally, or make changes to production equipment.
The researchers showed how these engineering workstations can be compromised through malicious industrial extensions or add-ons. If an attacker can convince a user within a target organization to install a malicious add-on, they can inject arbitrary automation logic code into production equipment.
While it may seem difficult to fool an engineer into installing a malicious add-on, the researchers discovered a number of vulnerabilities that can make an attacker's job easier. For example, a vulnerability in the app store for ABB's RobotStudio, which hosts ABB's industrial robot automation logic, could have allowed an attacker to bypass the vetting process and upload a malicious add-on that would be immediately available in the store. ABB released a server-side patch for this vulnerability after being notified by Trend Micro.
Another example is KUKA.Sim, a program for the design and development of robots and CNC (Computer Numerical Control) devices. The problem lies in the eCatalog function, which allows users to import 3D models from other users. The researchers found that the program performed no integrity checks on data downloaded from the eCatalog and that the connection between the client and the server was not encrypted, allowing an attacker to make malicious changes to a model.
Custom IIoT devices, which let engineers run fully customized automation logic on production equipment, can also be a good starting point for attacks. While these custom devices have many advantages, they can rely on third-party libraries, which makes them more exposed to supply chain attacks.
If an attacker can somehow get a victim to use a trojanized library, or can modify code directly on a developer's workstation, the attacker can gain full remote access to the company, Trend Micro warns.
In the case of MES databases, which store work orders and templates, an attacker can simply modify database records to cause problems. This requires access to the target organization's network or to an unsecured MES database; the attack can also be launched from a compromised engineering workstation.
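One way to detect the direct record modification described above, as an added example that is not from the Trend Micro report or any MES product: each work order is sealed with an HMAC whose key is kept outside the database, and an audit pass flags rows whose contents no longer match their tag. The table layout, column names, key handling and sample orders are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import sqlite3

# Assumption: the sealing key lives outside the database (HSM or secrets
# manager), so someone with only database access cannot recompute tags.
SEAL_KEY = b"constructed-demo-key-not-for-production"

def seal(order_id, part, quantity, recipe):
    """HMAC-SHA256 over a canonical encoding of every protected column."""
    canonical = json.dumps([order_id, part, quantity, recipe],
                           separators=(",", ":"), ensure_ascii=True)
    return hmac.new(SEAL_KEY, canonical.encode(), hashlib.sha256).hexdigest()

def create_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE work_orders (order_id INTEGER PRIMARY KEY, "
               "part TEXT, quantity INTEGER, recipe TEXT, tag TEXT)")
    return db

def insert_order(db, order_id, part, quantity, recipe):
    """Write path of the (hypothetical) MES application: row plus tag."""
    db.execute("INSERT INTO work_orders VALUES (?, ?, ?, ?, ?)",
               (order_id, part, quantity, recipe,
                seal(order_id, part, quantity, recipe)))

def audit(db):
    """Return order_ids whose stored tag no longer matches the row contents."""
    bad = []
    for order_id, part, quantity, recipe, tag in db.execute(
            "SELECT order_id, part, quantity, recipe, tag FROM work_orders "
            "ORDER BY order_id"):
        expected = seal(order_id, part, quantity, recipe)
        if tag is None or not hmac.compare_digest(expected, tag):
            bad.append(order_id)
    return bad

def demo():
    db = create_db()
    # Constructed sample work orders.
    insert_order(db, 1001, "bracket-A", 500, "drill=4.0mm;depth=12mm")
    insert_order(db, 1002, "housing-B", 120, "mill=6.0mm;feed=300")
    clean = audit(db)
    # Simulate a direct edit that bypasses the MES application.
    db.execute("UPDATE work_orders SET recipe = ? WHERE order_id = ?",
               ("drill=4.2mm;depth=12mm", 1001))
    return clean, audit(db)

if __name__ == "__main__":
    print(demo())
```

Per-row tags do not reveal deleted rows or an older sealed row written back in place; catching those needs a sequence counter or hash chain across orders.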
The researchers also investigated mobile HMIs, which may share weaknesses common to other mobile applications. Google Play has over 170 HMI applications, many of which have thousands or even hundreds of thousands of installations.
Vulnerabilities exist in many of these applications, but Trend Micro's attack examples focus on Comau's PickApp, which allows users to control robots from a tablet or mobile phone. The application is affected by various types of flaws that can enable an intruder to take control of the connected machines.
@EduardKovacs – Publisher of SecurityWeek. He worked for two years as a high school computer science teacher before starting a career in journalism as a security reporter for Softpedia. Eduard has a bachelor's degree in industrial computer sciences and a master's degree in computer engineering for electrical engineering.