Industrial cellular routers and gateways are critical in connecting industrial applications and providing remote monitoring, control, and data sharing across multiple industries. Recent studies by the Israeli industrial cybersecurity firm OTORIO, on the other hand, have shown substantial security flaws in the cloud management systems linked with three major industrial cellular router providers. These flaws have the potential to expose operational technology (OT) networks to external attacks, putting vital infrastructure sectors like substations, water utilities, oil fields, and pipelines at danger.
OTORIO disclosed their finding of 11 vulnerabilities at the Black Hat Asia 2023 conference, which might allow remote code execution and full control over hundreds of thousands of devices and OT networks. These flaws can be found in cloud-based management solutions provided by Sierra Wireless, Teltonika Networks, and InHand Networks. Exploiting these flaws could result in the bypassing of security layers, the exfiltration of sensitive information, remote code execution, and unauthorized access to network equipment.
The flaws in the cloud-based management solutions take advantage of three separate attack vectors:
Weak asset registration procedures (Sierra Wireless): Attackers can find unregistered cloud-connected devices, collect serial numbers for them using the AirVantage online Warranty Checker tool, register them under their control, and execute arbitrary commands.
Security flaws (InHand Networks): Unauthorized users can exploit certain vulnerabilities to get root-level remote code execution, issue reboot instructions, and push firmware updates.
External APIs and interfaces (Teltonika Networks): Threat actors can exploit a variety of vulnerabilities in the remote management system (RMS) to get access to sensitive device information and passwords, accomplish remote code execution, expose connected devices on the network, and impersonate genuine devices.
Furthermore, two high-severity vulnerabilities in Teltonika's RUT router firmware were uncovered, which might lead to arbitrary code execution and command injection. Exploiting these vulnerabilities can lead to the surveillance of network traffic, the theft of sensitive data, the hijacking of internet connections, the injection of malware into traffic, the access and control of networked devices, and the manipulation of router settings.
According to OTORIO, cloud-managed devices offer major supply-chain vulnerabilities. A flaw in a single vendor's platform can act as a backdoor to many OT networks at the same time. This emphasizes the importance of increased awareness and security measures as the deployment of industrial Internet of Things (IIoT) devices grows in popularity. A single hacked IIoT vendor platform might serve as a "pivot point" for attackers, allowing them to gain access to thousands of environments at once.
This latest discovery emphasizes the significance of strong cybersecurity practices in industrial settings. Industrial organizations must prioritize the adoption of strong security measures, including as regular vulnerability assessments, patch management, network segmentation, and monitoring systems, to mitigate these threats. Collaborations between cybersecurity organizations, vendors, and industry specialists are crucial for identifying and addressing vulnerabilities in industrial systems, protecting key infrastructure, and protecting against potential cyber threats.
This blog was written by the Activated Solutions team. If you are a business owner or an individual concerned about your cybersecurity, it's time to take action. Activated Solutions can help you to protect your business and personal data from potential cyber threats.
Contact Activated Solutions today to learn more about how they can help you protect your business. With our expertise and commitment to cybersecurity, you can have peace of mind knowing that you are taking proactive steps to protect yourself and your business from potential data breaches.
For more information, please visit: activatedsolutions.ca.
Sources
Lakshmanan, Ravie. “Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks.” The Hacker News, 15 May 2023, https://thehackernews.com/2023/05/industrial-cellular-routers-at-risk-11.html. Accessed 29 May 2023.
コメント