Vulnerable Mobile Apps: The Next ICS/SCADA Cyber Threat

Researchers find nearly 150 vulnerabilities in SCADA mobile apps downloadable from Google Play.

As if ICS/SCADA networks weren’t a juicy enough target, now those networks face a new generation of threats via mobile apps.

Researchers Alexander Bolshev, a security consultant with IOActive, and Ivan Yushkevich, information security auditor for Embedi, randomly selected 34 Android mobile apps in the Google Play store, from both third-party developers and well-known ICS/SCADA vendors, to check for security vulnerabilities. They found 147 security flaws that could be exploited to disrupt or sabotage an industrial process or network infrastructure.

In 2015, the pair had conducted a similar but more cursory study of 20 mobile apps, where they rooted out 50 security weaknesses. They decided to revisit their research, this time at a deeper level, with more rigorous testing of software and hardware, conducting back-end fuzzing and reverse-engineering, and mapping their findings to OWASP’s Top 10
