Researchers identify vulnerabilities in critical industrial equipment
Protocol gateways are critical to enabling Industry 4.0, and Trend Micro has found critical weaknesses in how they operate
Researchers at the cyber security firm Trend Micro have discovered 'serious vulnerabilities' in protocol gateway devices, which could allow hackers to seize control of critical processes at industrial facilities.
Protocol gateways, also known as protocol translators, are small network devices that play an important role in the smooth running of industrial facilities like dams, power plants, water processing plants and smart factories.
The devices translate the protocols used by sensors, actuators, computers and other equipment in industrial facilities, enabling them to communicate with each other, as well as other IT systems in the network.
In their latest research, the Trend Micro team tested five popular protocol gateways used worldwide to translate the Modbus OT protocol in automotive and industrial plants. The purpose was to see how a hacker could use translation vulnerabilities in these devices to launch attacks against industrial facilities.
"We picked Modbus because it's very widely used and has been around for years," said Marco Balduzzi, who presented his findings at the Black Hat virtual hacking conference on 5th August.
The researchers said they discovered a variety of bugs in the translation function of the protocol gateways they tested. Hackers could leverage these to issue commands to disrupt operational processes at a facility. One specific flaw could allow threat actors to disable sensors used for monitoring the temperature within a facility.
Other vulnerabilities discovered included:
- Weak encryption implementation
- Authentication flaws allowing unauthorised access and disclosure of confidential data
- Denial of Service (DoS) conditions
- A flaw that could enable hackers to reboot gateways by sending them crafted packets
In the case of the DoS flaw, just a few packets can be used to stop a device from operating, which could give a hacker leverage to demand a ransom to restore operations, the researchers warned.
Of the five ICS gateways tested by Trend Micro, two are from the US, two from Asia and one from Europe.
The researchers believe such issues are common among other gateway devices they did not examine.
"Protocol gateways rarely get individual attention, but their importance to Industry 4.0 environments is significant and can be singled out by attackers as a critical weak link in the chain," said Bill Malik, vice president of infrastructure strategy for Trend Micro.
The researchers advise vendors, installers and users of industrial protocol gateways to pay proper attention to the design of products before making a final selection.
They must ensure that the devices they use have adequate packet filtering capabilities and are not prone to DoS or translation errors. Combining ICS firewalls with traffic monitoring can also provide better security for industrial processes.
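The traffic-monitoring advice above is easiest to see in concrete form. The following is an added example written for this article, not code from Trend Micro or from any gateway vendor: a minimal Modbus/TCP frame checker of the kind a monitoring probe in front of a gateway could run. It validates the MBAP header (protocol id, declared length against actual bytes), and reports write function codes and exception responses so that unexpected writes or malformed frames reaching a gateway are surfaced rather than silently translated. The sample frames are constructed for this example; the function-code table covers only the common public-function codes.

```python
import struct
from dataclasses import dataclass

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)

# Common Modbus public function codes (subset, for illustration)
FUNCTION_NAMES = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}


@dataclass
class ModbusFrame:
    transaction_id: int
    protocol_id: int
    length: int
    unit_id: int
    function_code: int
    data: bytes


def parse_frame(raw: bytes) -> ModbusFrame:
    """Parse one Modbus/TCP ADU; raise ValueError on a malformed header."""
    if len(raw) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", raw[:MBAP_LEN])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus (expected 0)")
    # The length field counts unit id + function code + data,
    # i.e. everything after the first six header bytes.
    actual = len(raw) - 6
    if length != actual:
        raise ValueError(f"length field {length} does not match payload {actual}")
    return ModbusFrame(tid, pid, length, uid, raw[7], raw[8:])


def inspect(raw: bytes) -> list:
    """Return a list of monitoring findings for a single frame."""
    try:
        frame = parse_frame(raw)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    if frame.function_code & 0x80:
        return [f"exception response (fc {frame.function_code & 0x7F})"]
    if frame.function_code not in FUNCTION_NAMES:
        return [f"unexpected function code {frame.function_code}"]
    if frame.function_code in WRITE_FUNCTIONS:
        return [f"write: {FUNCTION_NAMES[frame.function_code]} to unit {frame.unit_id}"]
    return []


# Constructed sample frames (hex), not captured traffic:
SAMPLE_FRAMES = {
    "read_holding": bytes.fromhex("00010000000601030000000a"),  # fc 3, 10 regs
    "write_single": bytes.fromhex("000200000006010600100000"),  # fc 6, reg 0x10
    "bad_length":   bytes.fromhex("00030000002001030000000a"),  # length says 32
    "exception":    bytes.fromhex("000400000003018302"),        # fc 3 exception 2
    "truncated":    bytes.fromhex("0005000000"),                # header cut short
}


def run_monitor(frames=SAMPLE_FRAMES) -> dict:
    """Inspect every frame and return {name: findings}."""
    return {name: inspect(raw) for name, raw in frames.items()}


if __name__ == "__main__":
    for name, findings in run_monitor().items():
        print(f"{name:13s} {findings or 'ok'}")
```

A real deployment would feed this from a span port or the firewall's own capture and, in place of `inspect` returning strings, raise alerts keyed on source address and unit id; the header consistency check is the part that matters for translation bugs, since a gateway that forwards a frame whose declared length disagrees with its actual size is exactly the kind of behaviour the researchers describe exploiting.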