In my previous article on mobile device security for industrial control systems (ICS), I shared several findings from Verizon about how 4G LTE addresses five key aspects of securing mobile access to control systems. While addressing network security is a critical aspect of remote access cybersecurity, understanding the threats to ICS applications, if and when an intruder gains access, is an equally important piece of knowledge for manufacturers.
In a white paper titled “SCADA and Mobile Security in the Internet of Things Era,” authors Alexander Bolshev, a security consultant with IOActive (a cybersecurity advisor), and Ivan Yushkevich, information security auditor at Embedi (an embedded device security supplier), address this issue. The authors point out that while most applications accessed via the Internet and private cell networks—such as SCADA and MES clients and remote alerts—typically only allow monitoring of the industrial process, several applications do exist that allow the user to control/supervise the process. These kinds of remote applications are “more exposed and face different attack types, like man-in-the-middle (MiTM) attacks … or [through] another malicious application that could be installed on the device,” according to the paper.
The four main remote application threat types that manufacturers should address are:
Unauthorized physical access to the device or virtual access to device data. Bolshev and Yushkevich note that, in control room applications, “leaking data [via the Internet] could give attackers a more thorough understanding of the industrial process, ICS infrastructure, network addressing schemes, etc. [But in] remote access applications, the consequences are much more dangerous. Attackers could: extract any authentication data stored on the mobile device and use it to connect to remote SCADA endpoints; extract or alter data in the mobile SCADA application; and gain access to or alter data stored on SD cards.”
Communication channel compromise (MiTM). Because mobile devices can connect to the Internet over non-secure channels, the following threats can arise: compromise of a private (e.g., corporate or home) network that lacks proper security mechanisms, rogue Wi-Fi or GSM access points, public access points or networks, and VPN channel compromise. Any of these threats could allow an attacker to sniff, replay, or alter communication data between the application and the remote SCADA endpoint.
Application compromise. The application itself can contain various vulnerabilities on both the server side and the client side. The paper notes: “This can lead to various vulnerabilities. For example, issues on the backend services could include access control list problems/improper permission checks, remote code/command execution, insufficient data validation, or information leakage.”
Directly/indirectly influencing an industrial process or industrial network infrastructure. The authors point out “this type of attack could be carried out by sending data that would be carried over to the field segment devices.” They list various methods that could be used to achieve this, such as:
- Acting as a MiTM over an insecure communication channel, an attacker alters commands from a mobile SCADA application to the remote endpoint, which reaches the field devices.
- An attacker steals the device and extracts the remote SCADA endpoint credentials from it. Using them, the attacker connects to the SCADA environment and sends malicious commands. Alternatively, the attacker simply takes a photo of the application settings (including credentials) while the device is unlocked and unattended.
- Engineers unwittingly install a malicious application on their personal mobile device, which initially stays dormant to avoid raising any suspicion. Later, the malicious application exploits vulnerabilities in the victim application to subvert the communication process with the backend servers or to extract valuable data. Another possible case is when SCADA mobile applications store data on partitions with insufficient permission checking and the malicious application alters or reads it.
- The backend servers are attacked using approaches from typical web or infrastructure application penetration testing, or by reverse-engineering the protocol between the mobile SCADA application and the remote endpoint. The attackers then leverage the vulnerabilities they have identified and send data to the backend servers, which will influence some part of the industrial process or infrastructure.