News Agency
The Times Real Estate

  • Written by Media Outreach

Protocol gateways prove critical for smart industrial environments

HONG KONG, CHINA - Media OutReach - August 6, 2020 -  (;), the global leader in cloud security, today released research revealing a new class of security vulnerabilities in protocol gateway devices that could expose Industry 4.0 environments to critical attacks.

Also known as protocol translators, protocol gateways allow machinery, sensors, actuators and computers that operate in industrial facilities to talk to each other and to IT systems that are increasingly connected to such environments.

"Protocol gateways rarely get individual attention, but their importance to Industry 4.0 environments is significant and can be singled out by attackers as a critical weak link in the chain," said Bill Malik, vice president of infrastructure strategy for Trend Micro. "By responsibly disclosing nine zero-day vulnerabilities with the affected vendors, Trend Micro is leading the way with industry-first research that will help to make global OT environments more secure."

Trend Micro Research analyzed five popular protocol gateways focused around translation of Modbus, one of the most widely used OT protocols globally.

As detailed in the new report, vulnerabilities and weaknesses found in these devices include:

  • Authentication vulnerabilities allowing unauthorized access
  • Weak encryption implementations allowing decryption of configuration databases
  • Weak implementation of authentication mechanisms resulting in disclosure of sensitive information
  • Denial of Service conditions
  • Flaws in the translation function that could be used to issue stealth commands to sabotage operations

Attacks leveraging such weaknesses could allow malicious hackers to view and steal production configurations and sabotage key industrial processes by manipulating process controls, camouflaging malicious commands with legitimate packets, and denying process control access.

The report makes several key recommendations for vendors, installers and end users of industrial protocol gateways:

  • Consider the design of products carefully before selection. Ensure they have adequate packet filtering capabilities, so that devices aren't prone to translation errors or denial of service
  • Do not rely on a single point of control for the security of the network. Combine ICS firewalls with traffic monitoring for improved security
  • Spend time on configuring and protecting the gateway -- use strong credentials, disable unnecessary services and enable encryption where supported
  • Apply security management to protocol gateways as any other critical OT asset, i.e. regular assessments for vulnerabilities/misconfiguration, and regular patching

The results of this research was presented at Black Hat USA on August 5. To read the full report, please visit: https://www.trendmicro.com/vinfo/hk/security/news/internet-of-things/lost-in-translation-when-industrial-protocol-translation-goes-wrong 

Read more

A Guide to Safe and Legal Asbestos Disposal

Asbestos disposal requires strict adherence to safety and legal standards. This hazardous material poses severe health risks. Handle it with care. It's vital to know the rules, health risks, and pros. They are essential to safe asbestos removal and disposal. Why... Read more

Writers Wanted



NewsServices.com

Content & Technology Connecting Global Audiences

More Information - Less Opinion