The Role of Industrial Routers in Keeping the Future Factory Secure
Published on: May 03, 2017
TL;DR: Industrial routers play a very crucial role: a single vulnerability can grant the attacker access to an entire network of critical machines. In this research, I’ve looked at how easy it is for a hypothetical attacker to find and enumerate industrial routers, and the security posture of their vendors.
Industrial routers aren’t just regular routers in a rugged case. They are the gateway to networks of machines, which usually end up interacting with the physical world. Think about connected vehicles, factories, robots, and so on.
After going through the “Switches Get Stitches” talks (44CON 2014, 31C3 2014, Black Hat US 2015), we had some bad feelings about industrial routers too, so we’ve started to collect technical resources like manuals and firmware update files, and crafted Shodan and Censys search strings to see how many of these routers were directly exposed to a casual attacker.
The first thing that we’ve noticed was the abundance of technical information freely available to the public. Don’t get me wrong: I’m not advocating in favor of “security through obscurity” nor “closed source”. Once I believe in openness, I also believe that critical targets like industrial routers (which are put in front of supposedly critical machinery), shouldn’t be that easy for a casual attacker to discover. Ironically, marketing brochures required a registration, whereas firmware and technical manuals were directly indexed by search engines and publicly accessible.
Given the security posture of some vendors, we’ve decided to take a broad look at all of them, both from a reconnaissance and vulnerability viewpoint.
If you’re curious, head over to the full article on TrendLab’s Security Intelligence Blog.
An Experimental Security Analysis of an Industrial Robot Controller
Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea Maria Zanchettin, and Stefano Zanero.
In Proceedings of the 38th IEEE Symposium on Security and Privacy. S&P ’17. San Jose, CA: ACM. DOI: http://dx.doi.org/10.1109/SP.2017.20 (May 2017) [PDF]