More Industrial Products at Risk of KRACK Attacks

An increasing number of vendors have warned customers over the past weeks that their industrial networking products are vulnerable to the recently disclosed Wi-Fi attack method known as KRACK.

The KRACK (Key Reinstallation Attack) flaws affect the WPA and WPA2 protocols and they allow a hacker within range of the targeted device to launch a man-in-the-middle (MitM) attack and decrypt or inject data. A total of ten CVE identifiers have been assigned to these security bugs.

The vulnerabilities impact many products, including devices designed for use in industrial environments. The first industrial solutions providers to warn customers about the KRACK attack were Cisco, Rockwell Automation and Sierra Wireless.

Cisco said the flaws affect some industrial routers and access points, for which the company has released updates. Rockwell and Sierra Wireless have also identified impacted products and provided patches and mitigations.

Other industrial solutions providers have come forward in the past weeks to admit that their products are affected.

Siemens said the KRACK vulnerabilities affect some of its SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS products. The company is working on releasing updates that will address the security holes and, in the meantime, it has provided some mitigations.

Swiss-based ABB informed customers that TropOS broadband mesh routers and bridges running Mesh OS 8.5.2 or prior are also vulnerable to KRACK attacks. ABB has yet to release patches, but it did provide workarounds and mitigations.

German industrial automation firm Phoenix Contact also confirmed that three of the KRACK flaws affect some of its BL2, FL, ITC, RAD, TPC and VMT products. The company said the impact is limited for some of its products, and pointed out that in many cases the attacker would have to be inside the plant in order to conduct an attack.

Phoenix is working on patching the vulnerabilities in affected products. The vendor has advised customers using devices running Windows to install the security updates provided by Microsoft.

Lantronix informed customers that several of its wireless connectivity solutions are impacted by KRACK, including PremierWave ethernet-to-WiFi gateways, WiPort wireless ethernet bridges, MatchPort programmable embedded device servers, xPico embedded IoT WiFi modules, SGX IoT device gateways, and WiBox wireless device servers.

The company has released a patch for PremierWave 2050. For the other products, fixes are expected to become available by the end of the year.

Some Johnson Controls products may also be vulnerable to KRACK attacks. The company’s product security and incident response team (PSIRT) is currently assessing the impact of these flaws.

Kaspersky Lab’s ICS-CERT team pointed out that while KRACK attacks can be launched against industrial control systems (ICS) — for example, some PLCs use Wi-Fi for remote management — the biggest risk is to network communication devices, smartphones and tablets used by engineers and operators for remote access to ICS.

“In most cases KRACK attacks present virtually no risk to those large industrial and critical infrastructure systems that do not use 802.11 technologies. Today, such systems constitute an absolute majority,” explained Ekaterina Rudina, senior system analyst in Kaspersky’s ICS-CERT team. “Even in cases where these technologies may be used, physical restrictions on access to the controlled zone (e.g., a specific manufacturing unit) would prevent an attack from being carried out.”

“The main risk zone still encompasses those industrial sectors the security of which is given a lower priority than that of critical infrastructure systems and where using wireless technologies to upgrade systems or meet industrial network maintenance needs has become necessary but where compliance with the ‘best practices’ supported by major vendors is not possible because the changes required are too complicated or too costly,” Rudina added.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
