IoT is not a new thing. Big industry, especially large refineries and chemical manufacturing plants, has been using radio-frequency sensors to monitor things like temperature, pressure, light, and vibration on pipes and storage tanks for decades. These sensors send their readings to radio receivers, which then feed that data into databases. There is hardly any security on most of these sensors, and there are millions of them all over the world.
Massive IoT Vulnerabilities
Now here’s a worst-case scenario for you. Imagine a terrorist from any of the world’s hot spots, or even a domestic terrorist: a disgruntled fanatic who has decided he’s tired of immigrants taking away hard-working Americans’ jobs, which is not too far-fetched in today’s heated political climate. He’s seen a lot of recent immigrants from the Middle East and Eastern Europe move into his area, becomes disillusioned, falls victim to fanatical right-wing extremism, and intends to commit an act of terror.
Now, this man is also very technically savvy, loves to fly drones, and is a good programmer and tinkerer, even a bit of a hacker. He picks up a cheap drone online and modifies it to carry a Raspberry Pi with a radio module that can intercept and replace radio transmissions on a wide range of frequencies. Then he packs up the drone and drives to a local chemical plant that makes highly toxic products.
From the safety of the roadside near the plant, he takes out the drone and flies it over the largest chemical storage tank, which contains sodium cyanide, a common industrial reactant. On this storage tank are a number of sensors monitoring temperature, pressure, and liquid flow. Now, these sensors have recently been upgraded from the old radio-frequency ones to newer WiFi-based 802.11n sensors with strong WPA2 encryption. Seems safe and secure, right? Except our terrorist is using Reaver from the Kali Linux hacking distribution, and he has already spent a few hours cracking the WPA2 key on the WiFi network.
Even though the drone isn’t connected to the same network, our terrorist is now in control of the hotspot and is intercepting all of the transmissions from the pressure sensor on the tank, replacing the data coming from it with false information. This falsified data, reporting that the pressure is low, is sent to the computer systems at the plant, which open the flow valves to raise and equalize the pressure. In reality, this drives the pressure dangerously high, until the entire tank finally explodes, sending a giant plume of cyanide over the nearby town and killing everyone in minutes.
The Risks Are High
If you think this scenario is too far-fetched to come true, you are greatly mistaken. It could easily happen at any of the hundreds of giant chemical plants all over the world, and certainly in the United States. Protecting against this scenario and others like it requires rethinking industrial IoT devices and how we think about security architectures in general.
There are methods using standards-based technologies that, if carefully planned, can prevent the vast majority of intrusions, if not all of them. Two-way (mutual) TLS, with a certificate on both ends, for every piece of data transmitted from a sensor to a back-end is essential, as is strong certificate-based WiFi authentication. There are other useful procedures, but the important thing is to always approach a security system from an attacker’s point of view rather than the defender’s. This can give you insight into vulnerabilities you might otherwise miss. If an attack is even remotely possible, then it’s an exploitable vulnerability and should be protected against immediately.
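As an added example (not from the original article, and not any vendor's product code), here is what the two-way TLS called for above looks like in practice, written in Go against the standard library only. A constructed plant CA issues certificates to the back-end collector and to a pressure sensor; the collector requires and verifies a client certificate on every connection; and a transmitter presenting a certificate from any other issuer, even one that copies the sensor's name, is refused at the TLS layer before any reading reaches the plant's systems. This is exactly the spoofed-pressure-reading case in the scenario: holding the WiFi key no longer lets a rogue radio speak for the sensor. All names (plant-ca, backend, tank-7-pressure, the loopback address and the reading format) are demo assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// newCert issues an ECDSA P-256 certificate for cn: self-signed (a root CA) when parent is nil, else signed by parent.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1")}, // the demo backend listens on loopback
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// sensorBackend is the plant-side collector. RequireAndVerifyClientCert makes the TLS layer refuse any peer whose
// certificate does not chain to plantCA, so the verified client certificate, not the sender's network address or
// its possession of the WiFi key, is what identifies the sensor behind each reading.
func sensorBackend(backendCert *x509.Certificate, backendKey *ecdsa.PrivateKey, plantCA *x509.Certificate) *httptest.Server {
	pool := x509.NewCertPool()
	pool.AddCert(plantCA)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		reading, _ := io.ReadAll(r.Body)
		fmt.Fprintf(w, "%s:%s", r.TLS.PeerCertificates[0].Subject.CommonName, strings.TrimSpace(string(reading)))
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{backendCert.Raw}, PrivateKey: backendKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	}
	srv.StartTLS()
	return srv
}

// sendReading submits one reading, verifying the backend against trustedCA and presenting cert/key as the
// device identity; it returns the backend's acknowledgement, or an error if the mutual handshake or request failed.
func sendReading(url string, trustedCA, cert *x509.Certificate, key *ecdsa.PrivateKey, reading string) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	cfg := &tls.Config{
		RootCAs:      roots,
		Certificates: []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}},
		MinVersion:   tls.VersionTLS12,
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}, Timeout: 5 * time.Second}
	resp, err := client.Post(url, "text/plain", strings.NewReader(reading))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	ack, err := io.ReadAll(resp.Body)
	return string(ack), err
}

func main() {
	// Constructed demo PKI: the plant CA issues the backend and sensor certificates; the rogue
	// transmitter has its own CA and copies the sensor's name, but never chains to plantCA.
	plantCA, plantKey, _ := newCert("plant-ca", true, nil, nil)
	backendCert, backendKey, _ := newCert("backend", false, plantCA, plantKey)
	sensorCert, sensorKey, _ := newCert("tank-7-pressure", false, plantCA, plantKey)
	rogueCA, rogueKey, _ := newCert("rogue-ca", true, nil, nil)
	rogueCert, rogueDevKey, _ := newCert("tank-7-pressure", false, rogueCA, rogueKey)
	srv := sensorBackend(backendCert, backendKey, plantCA)
	defer srv.Close()
	ack, err := sendReading(srv.URL, plantCA, sensorCert, sensorKey, "pressure=2.1bar")
	fmt.Println("legitimate sensor:", ack, err)
	ack, err = sendReading(srv.URL, plantCA, rogueCert, rogueDevKey, "pressure=0.1bar")
	fmt.Println("rogue transmitter:", ack, err)
}
```

Run it with `go run`: the first line prints the acknowledged reading attributed to tank-7-pressure, the second prints a TLS handshake error and no acknowledgement. In a real deployment the sensor's private key would be provisioned into a secure element on the device and the plant CA kept offline; the setting that matters on the collector side is `RequireAndVerifyClientCert` with a `ClientCAs` pool limited to the plant's own issuer.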