416-477-0594

By Hacking Smartphone Apps, you may be able to Blow Up a Warehouse or Industrial Facility

HackerCyber-attacks and hacking has made living in the contemporary age of tech never more frightening. As evidenced in the smartphone applications used by industrial warehouses and facilities across the world, things may have just gotten a little more dangerous. 

According to a report published by MIT earlier this month, from security holes found in popular smartphone applications used to control processes in industrial settings, it may be possible for a hacker to not only interfere with these processes but to blow up a factory.

As unbelievable as that may sound, it’s true. With the tech boom from the last twenty years, warehouses and industrial facilities have increasingly counted on mobile apps to monitor and manage machines. In turn, companies have increased efficiencies. It’s unfortunate that examining some of the industrial world’s most popular apps, including ones prominently used by corporations such as Siemens and Schneider Electric, there are massive security flaws left unaddressed. This MIT study found 147 security holes across 34 widely-used industrial facility apps.

A hacker tapping into one of these apps, they could potentially manipulate the data flow and even change the machine process it is linked to. Therefore, an engineer could see readings of a machine operating at a safe temperature while the same machine is overheating. There are a variety of scenarios one could ponder similar to this, such as the insertion of coding that could completely dismantle an app controlling multiple machines, creating massive hazards and causing machines to operate dangerously all at the same time.

Though it hasn’t happened yet, the potential for it does exist. That said, there is no guarantee that upon hacking an app like this, a hacker would be able to accomplish these disaster scenarios. Many companies have fail-safe systems that could limit damage and/or engineers who rely on data from multiple sources prior to declaring a machine safe. That said, even with these systems in place, application security flaws still exist and the potential remains open for a hacker to tap into these systems. Also, note that there’s similar applications used to oversee key public services such as power plants and transportation systems. If a hacker were to tap into infrastructure-related public service apps through similar means, the amount of damage that could happen would be immense.

In an emergency, human beings overseeing these systems need to have access to the resources to shut things down. In the event industrial settings and infrastructure become fully dependent on these type of applications, it presents a safety concern.

The next natural step to analyzing these security flaws would be to examine if they have been exploited. The researchers on this particular study did not take this step and instead, opted to report their findings directly to the companies using these flawed applications. According to the research published, some of the apps have seen their flaws fixed while many others have not.

As we move into the age of applications guiding warehouse, production, and industrial processes and facilities, increased attention needs to be paid to security. If nothing else, this study highlights a trend of some of the world’s most successful companies depending on technology with major security flaws in its design.