NewsFebruary 4, 2016 @ 4:05 PM

WirelessHART Networking Technology Products Have Vulnerabilities, Researchers Say

The Highway Addressable Remote Transducer (HART) Communications Protocol works with field devices to control parts in industrial control systems (ICS). It also collects data from sensors in order to monitor these industrial environments. The nature of this product makes security a priority, but researchers recently came across some flaws that could pose problems.

Applied Risk reported to SecurityWeek that it found several serious vulnerabilities in some products that use the WirelessHART networking technology. For instance, ProComSol has released an Android-based smart device communicator app for HART. Because of the way this app is configured, an attacker would only need knowledge of the vulnerabilities and an Android smartphone to carry out an exploit.

No Specifics on Networking Technology Vulnerabilities

Applied Risk hasn’t disclosed any specific details about the vulnerabilities of the networking technology since the software products at risk remain unpatched at this time. Vendors have been notified and are working on patches, according to Applied Risk.

The company did tell SecurityWeek that it identified several vulnerabilities in each of the products and brands analyzed. Some flaws share a common attack surface and are found on vulnerable devices around the world.

Unfortunately, the majority of the plants using them are most likely unaware of the risks, SecurityWeek reported. And with a lack of active monitoring systems in use throughout the related industries, an attack would probably go undetected.

“The most serious risk, however, is the loss of life in the case of explosions, especially in hazardous environments,” Jalal Bouhdada, the founder of Applied Risk, told SecurityWeek. “Alongside the potential impact to the environment, an attack could lead to significant reputational damage. End users and ICS suppliers must take a more proactive and thorough approach to testing — and implementing security measures to effectively tackle these threats.”

Others Have Found HART Problems

Applied Risk is not the only security firm to study the existence of vulnerabilities in HART-based devices. In 2014, for example, security researchers discovered that a widely used HART-related library was vulnerable to an exploit that could crash field devices. That issue was eventually fixed by Emerson Process Management.

Attacks on industrial control systems have been on the rise, according to an alert from the Industrial Control System Cyber Emergency Response Team (ICS-CERT). Whether this pathway will be severely exploited is not yet known, but users of the networking technology need to be aware of the potential danger.

Share this Article:
Larry Loeb

Principal, PBC Enterprises

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He wrote for IBM's DeveloperWorks site for seven years and has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange.