Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

www.theregister.co.uk | 1/11/2018 | Staff
TitanSwimr (Posted by) Level 3
The security of mobile apps that tie in with Supervisory Control and Data Acquisition (SCADA) systems has deteriorated over the last two-and-a-half years, according to new research.

A team of boffins from IOActive and IoT security startup Embedi said they had discovered 147 vulnerabilities in 34 of the most popular Android mobile apps for SCADA systems.

Mobile applications are increasingly being used in conjunction with SCADA systems. The researchers warned these apps are "riddled with vulnerabilities that could have dire consequences on SCADA systems that operate industrial control systems".

If successfully exploited, the vulnerabilities could allow attackers to disrupt industrial processes or compromise industrial network infrastructure.

The 34 Android applications tested were randomly selected from the Google Play Store.

The research focused on testing software and hardware, using backend fuzzing and reverse engineering. The team successfully uncovered security vulnerabilities ranging from insecure data storage and insecure communication to insecure cryptography and code-tampering risks.

The research revealed the top five security weaknesses were: code tampering (94 per cent of apps), insecure authorisation (59 per cent of apps), reverse engineering (53 per cent of apps), insecure data storage (47 per cent of apps) and insecure communication (38 per cent of apps).

The same team of researchers found 50 vulnerabilities across 20 Android apps in 2015. The rise to 147 vulnerabilities in 34 apps therefore represents an average increase of 1.6 vulnerabilities per app.

Technical details of the research will be released by Alexander Bolshev, IOActive...
(Excerpt) Read more at: www.theregister.co.uk