Researchers at the cyber security firm Trend Micro have discovered 'serious vulnerabilities' in protocol gateway devices, which could allow hackers to seize control of critical processes at industrial facilities.
Protocol gateways, also known as protocol translators, are small network devices that play an important role in the smooth running of industrial facilities like dams, power plants, water processing plants and smart factories.
The devices translate the protocols used by sensors, actuators, computers and other equipment in industrial facilities, enabling them to communicate with each other, as well as other IT systems in the network.
In their latest research, the Trend Micro team tested five popular protocol gateways used worldwide for translation of Modbus OT protocol in automobile and industrial plants. The purpose was to see how a hacker could use translation vulnerabilities in these devices to launch attacks against industrial facilities.
"We picked Modbus because it's very widely used and has been around for years," said Marco Balduzzi, who presented his findings at the Black Hat virtual hacking conference on 5th August.
The researchers said they discovered a variety of bugs in the translation function of the protocol gateways they tested. Hackers could leverage these to issue commands to disrupt operational processes at a facility. One specific flaw could allow threat actors to disable sensors used for monitoring the temperature within a facility.
Other vulnerabilities discovered included:
- Weak encryption implementation
- Authentication flaws allowing unauthorised access and disclosure of confidential data
- Denial of Service (DoS) conditions
- A flaw that could enable hackers to reboot gateways by sending them crafted packets
In the case of the DoS flaw, just a few packets can be used to stop a device from operating, which could give a hacker leverage to demand a ransom to restore operations, the researchers warned.
Of the five ICS gateways tested by the Trend Micro, two are from the US, two from Asia and one from Europe.
The researchers believe such issues are common among other gateway devices they did not examine.
"Protocol gateways rarely get individual attention, but their importance to Industry 4.0 environments is significant and can be singled out by attackers as a critical weak link in the chain," said Bill Malik, vice president of infrastructure strategy for Trend Micro.
The researchers advise vendors, installers and users of industrial protocol gateways to pay proper attention to the design of products before making a final selection.
They must ensure that the devices they use have adequate packet filtering capabilities and not prone to DoS or translation errors. Combing ICS firewalls with traffic monitoring can also provide better security for industrial processes.
Satellite internet service providers are still vulnerable to attack methods discovered nearly 15 years ago
An actively supported OS provide the best way to mitigate the risks arising due to newly discovered security bugs, it says
The bug could enable an attacker to create or delete files, intercept information and otherwise compromise the system
The warning comes in the midst of rising tensions between the USA and China
The bug could allow unauthenticated attackers to steal sensitive information from vulnerable devices