ICS Security Firm Warns of Flaws in WirelessHART Devices

Applied Risk, a company that specializes in securing industrial control systems (ICS), reported finding several serious vulnerabilities in products leveraging WirelessHART technology.

WirelessHART is a wireless sensor networking technology that is based on the Highway Addressable Remote Transducer Protocol (HART). The technology has been developed for field devices, which are designed to control valves and breakers, collect data from sensors, and monitor industrial environments.

Since the security holes it has identified have not been patched, Applied Risk hasn’t disclosed any details. However, Jalal Bouhdada, founder and principal security consultant for Applied Risk, told SecurityWeek that they have identified several vulnerabilities in each of the products and brands they have analyzed.

Some of the vendors whose products are affected have been notified and they are currently working on addressing the issues, Bouhdada said. The expert has pointed out that some of the flaws they have found share a common attack surface.

The vulnerable devices are reportedly deployed across the world in various industries, and experts are concerned that a majority of the plants using them are unaware of the risks and an attack would likely go undetected due to the lack of active monitoring systems at this level.

“The risks this flaw pose reach far beyond financial loss. The loss of production is a significant issue for manufacturers, as are fines from customers if products aren’t delivered on time. The most serious risk, however, is the loss of life in the case of explosions, especially in hazardous environments,” Bouhdada said. “Alongside the potential impact to the environment, an attack could lead to significant reputational damage. End users and ICS suppliers must take a more proactive and thorough approach to testing – and implementing security measures to effectively tackle these threats.”

Applied Risk has leveraged its research into the security of WirelessHART products to develop a fuzzer designed to help manufacturers identify security flaws in the early stages of development. Bouhdada says the WirelessHART Fuzzer will become available sometime this year.

Last year, Applied Risk reported finding serious vulnerabilities in industrial ethernet switches from Moxa and power quality measurement products made by Germany-based Janitza Electronics.

Applied Risk is not the only security firm to warn about the existence of vulnerabilities in HART-based field devices. Alexander Bolshev and Gleb Cherbov, researchers at Russia-based Digital Security, discovered in 2014 that a library used by many manufacturing and technology companies was plagued by a vulnerability that could be exploited to crash field devices.

The developer of the affected library, CodeWrights GmbH, released a new version to address the vulnerability, and many of the affected vendors integrated it into their products. The list of affected companies included Emerson, Honeywell, Magnetrol and Pepperl+Fuchs.

Related: Learn More at the ICS Cyber Security Conference