Rogue Automation: Vulnerable and Malicious Code in Industrial Programming | SPONSORED
In this White Paper, previously unknown design flaws that malicious actors could exploit to hide malicious functionalities in industrial programming for robots and other automated manufacturing machines are revealed. Since these flaws are difficult to fix, enterprises that deploy vulnerable machines could face serious consequences. An attacker could exploit them to become persistent within a smart factory, silently alter the quality of products, halt a manufacturing line, or perform some other malicious activity.
Industrial Programming Vulnerability
The research was set in motion a few years ago, when we stumbled upon something we had never seen before: a store that distributed software for heavy industrial machines in the form of apps. We downloaded some of these apps and reverse-engineered them to understand how they worked. What we were looking at was something quite different from any software or programming language we were familiar with. The code was written in one of the many proprietary programming languages used to automate industrial machines, the types of robots typically used to assemble cars, process food, and produce pharmaceutical items, among other industrial purposes. The most notable part of our investigation is that we found a vulnerability in one of these apps.
The vulnerable app was a full-fledged web server, running on the bare-metal computer of the controller of the industrial robot on which it was installed. It was written in a custom, proprietary programming language. Although designed many decades ago, languages such as this are still in use today to run critical automation tasks. And although these custom languages are expected to have some form of networking functionalities, we were surprised to see that they had enough features to create a working web server.
While the IT software development industry has been dealing with the consequences of unsecure programming for many decades, the industrial automation world might be unprepared to detect and prevent the exploitation of the issues that were found in this research. It is believed that, given the pace of IT/OT convergence, the automation engineering industry should start embracing and establishing secure coding practices. It is highly likely to face in 10 years the same challenges that the IT software development industry is facing today.
Sponsored by 
Predictive Maintenance for Industrial IoT Devices at the Edge
Working at the edge In industrial operations, time is money. The more efficient processes and machinery are, the better it is for business. Providing proactive monitoring and maintenance of industrial machines, however, is not an easy task. This is especially true
Green at the Core: How Sustainability Is Becoming the New Competitive Edge in Business
Last week, at the Innovation Summit in Paris, I had the pleasure to interview Sophie Borgne, Water Segment President, Schneider Electric, and Georg Weber, Executive Board Member & CTO, Wilo Group. The conversation is focused on sustainability, marking a pivotal shift in
Beyond Boundaries: A Journey Through IIoT Innovation at Hannover Messe Fair 2024
With the eagerly anticipated Hannover Messe Fair 2024 on the horizon, IIoT World has embarked on an exciting initiative to capture the pulse of innovation in the Industrial Internet of Things (IIoT) space at the fair. We reached out to