How Good is the Security of the Industrial Internet?

Computers & Mobile Internet of Things
How Good is the Security of the Industrial Internet?

We’re starting to hear a lot about the Internet of Things (IoT) and the Industrial Internet these days. But what a lot of people aren’t aware of is that SCADA systems have been around for a long time, and more and more of these are being connected directly to the Internet. If you didn’t already know, “…a 747 is a big flying Unix host.”

The Register is reporting that at the recent Hack In The Box security summit in Amsterdam, during a presentation by Hugo Teso, a security researcher at N.Runs and a commercial airline pilot, demonstrated attack code that can take full control of a commercial airliner’s flight systems and the pilot’s displays.

The Lab
The equipment used to build the exploit; second-hand commercial flight system software and hardware picked up on eBay.

The thing you should take away from this story isn’t a fear of flying. Teso spent three years working on the attack, and for obvious reasons, the actual attack vectors weren’t divulged during the presentation. Both the Federal Aviation Administration and the European Aviation Safety Administration have been informed and should be working to fix the holes.

However, with more and more makers building systems connected to the Internet, this should be a wake up call for all of us not to make the same mistakes as the people building these legacy systems. Just because your weather station or smart meter isn’t connected to the Internet right now, or is “safe” behind your NAT and home firewall, doesn’t mean you shouldn’t think about security.

We’re right at the start of a revolution in home automation and control where (most?) everyday objects will start to have computing power, and be connected to the network. Let’s design some security in right at the start.

2 thoughts on “How Good is the Security of the Industrial Internet?

  1. rocketguy1701 says:

    Short answer: It Sucks.

    I see a lot of this, basically vendors who have a niche market that they’re serving, SCADA, alarm systems, etc etc, have a network stack that is rudimentary at best, and generally the design leaves it wide open. This is only beginning to change, and frankly they have a lot of catchup to do. I had to push back on a project because the system they wanted to use was open to the entire world and had no functional encryption, that was “coming soon”. I said, “okay, then you can use it… soon.”

Comments are closed.

Discuss this article with the rest of the community on our Discord server!
Tagged

Alasdair Allan is a scientist, author, hacker and tinkerer, who is spending a lot of his time thinking about the Internet of Things. In the past he has mesh networked the Moscone Center, caused a U.S. Senate hearing, and contributed to the detection of what was—at the time—the most distant object yet discovered.

View more articles by Alasdair Allan

ADVERTISEMENT

Maker Faire Bay Area 2023 - Mare Island, CA

Escape to an island of imagination + innovation as Maker Faire Bay Area returns for its 15th iteration!

Buy Tickets today! SAVE 15% and lock-in your preferred date(s).

FEEDBACK