SCADA Mobile Apps are unsafe. In case of a cyber attack, many lives will be in danger

SCADA Mobile Apps are unsafe. In case of a cyber attack, many lives will be in danger

Our cybersecurity team had analyzed SCADA mobile applications from more than 30 companies, discovering security flaws in most of them, some of them can be very dangerous because hackers can use them in targeting industrial processes.
We had documented security flaws since 2015 when a study was conducted over 20 mobile apps used for control ICS hardware and software.
Back then at least one vulnerability had been found in every app, totaling the number to more than 50 vulnerabilities.
At this beginning of the year, we decided to study more SCADA apps again to see how thing changed in the IIoT - Industrial Internet of Things regarding security.

Our experts had randomly selected more than 30 SCADA apps available on the Google Play Store for study. The study targeted security flaws in both local and remote apps that are used by the users to control or monitor various ICS systems.
Local apps are the ones which engineers use in the industrial zone connecting their devices to the equipment like PLCs, RTUs and industrial gateways via Wi-Fi, Serial Connection or Bluetooth.
Remote apps are the ones that allow engineers to supervise, and in some cases control, ICS systems over the Internet.

Our cybersecurity team used all security flaws present in the 2016 OWASP Mobile Top 10 list during the study to discover as many vulnerabilities as they can. Our experts found plenty of them, 152 to be more exact. This leads them to conclude that more than 90% of the apps don't have security at all for protecting the apps against code tampering.
The other 10% that have this security feature has only the fundamental one that can be overpass easily by malware that is designed to root the infected device before starting the attack.

A tiny number, 7 of them, had secure authorization features that were correctly implemented. Nearly 60% of them didn't use code obfuscation and other encryption methods for protecting their source code, and this translates in that any hacker can reverse engineer the app if they want to insert malicious code.

The percentage remains the same for the number of apps that failed to secure exported data from the ICS. Neither the communication between apps and ICS system was secured, our experts managing to exploit more than a half of the apps tested.

Looking back at this study our CEO stated: "The way that many companies handle cybersecurity for their apps it is unbelievable. Many of them are insecure in case of a cyber attack placing at risk the whole industrial process that the systems are designed for and in danger the workers that operate them.
Every engineer, as well as every user, must not rely on standard security options that in many cases are weak or inexistent. Instead, they have to install only the best security option like a top antivirus to stay safe!"

CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus is with limited features.

About CyberByte About CyberByte