Researchers found a significant security flaw in a series of IoT connectivity chips could leave billions of industrial, commercial and medical devices open to attackers. The flaw affects Cinterion EHS8 M2M modules built to create secure communication channels for industrial IoT machines that operate in factories, the energy sector and medical roles.
"This vulnerability highlights the risk of using legacy IoT communications devices that weren't designed to be secure from the ground up. Modern security architectures incorporate properties such as compartmentalization, which are hardware-enforced boundaries that prevent a flaw in one software component from giving adversaries access to other parts of the system – such as where certificates are stored,” says Phil Neray, vice president of IoT and industrial cybersecurity for CyberX, a Microsoft company tells IndustryWeek. “When we're talking about industrial and critical infrastructure environments, such as oil and gas pipelines, this type of vulnerability could lead to serious safety and environmental incidents as well as costly downtime."
The threat landscape is evolving constantly with increased levels of sophistication. At the same time, manufacturers are becoming attractive targets – not only for access to customer data, but also as an avenue to control data, equipment operation and intellectual property.
The key takeaway here? As highly connected industrial environments rapidly become the norm, organizations need to remain proactive in protecting these connections from nefarious characters.