OTORIO, the provider of operational technology (OT) cyber and digital risk management solutions, announced that three significant industrial cellular router vendors have vulnerabilities in their cloud management platforms that expose customers’ operational networks to external attacks. This raises questions about the safety of connecting OT to the cloud and suggests a need for standard industry regulations to eliminate such security risks.

OTORIO Security Researcher Roni Gavrilov shared key findings and remediation tips at Black Hat Asia 2023, taking place May 9-12 at the Marina Bay Sands Singapore.

Industrial cellular router

An industrial cellular router allows multiple devices to connect to the internet from a cellular network. It is commonly used in industrial settings, such as manufacturing plants or oil rigs, where traditional wired internet connections may not be available or reliable. Vendors of these devices employ cloud platforms to provide customers with remote management, scalability, analytics, and security.

However, OTORIO’s research found 11 vulnerabilities in the cloud platforms studied, allowing remote code execution and full control over hundreds of thousands of devices and OT networks in some cases, even those not actively configured to use the cloud.

Situational awareness

“As the deployment of IIoT devices becomes more popular, it's important to be aware that threat actors may target their cloud management platforms,” said Gavrilov.

A single IIoT vendor platform being exploited could act as a "pivot point" for attackers, accessing thousands of environments simultaneously.

Attack detection

OTORIO discovered a wide range of attack vectors based on the security level of the vendor's cloud platform, including several vulnerabilities in M2M (machine-to-machine) protocols and weak asset registration mechanisms.

In some cases, these security gaps enable attackers to:

  • Gain root access through a reverse shell.
  • Compromise devices in the production network, facilitating unauthorised access and control with root privileges.
  • Compromise devices, exfiltrate sensitive information, and perform operations such as shutdown.

MAC, serial number, or IMEI

Some attacks require identifiers like Media Access Control (MAC) address, serial number, or International Mobile Equipment Identity (IMEI) to breach cloud-connected devices, but others do not.

One serious issue affecting all three vendors is that their platforms expose devices that have not been configured to use the cloud. 

Wireless IIoT vulnerabilities

Furthermore, breaches of these devices may bypass all the security layers in the Purdue Enterprise Reference Architecture Model for several different vendors.

This announcement follows OTORIO’s February discovery of wireless IIoT vulnerabilities that provide a direct path to internal OT networks, enabling hackers to bypass the common protection layers in the environments.
