News

OTORIO – Major Security Risks Found in Industrial Cellular Routers

OTORIO, a leading operational technology cyber and digital risk management solution provider, has announced that three major industrial cellular router vendors have vulnerabilities in their respective cloud management platforms. This leaves hundreds of thousands of devices and operational networks open to potential attacks, prompting concerns about the security of connecting operational technology to the cloud.

OTORIO Uncovers Security Flaws

At Black Hat Asia 2023, OTORIO Security Researcher Roni Gavrilov shared the company’s findings on the issue. In their research, OTORIO discovered 11 vulnerabilities among the cloud platforms studied, which allow remote code execution and complete control over numerous devices and operational networks. More surprisingly, even devices not actively configured to use the cloud are exposed to these vulnerabilities.

A Range of Exploitable Vulnerabilities

The study uncovered a variety of attack vectors based on the security level of the vendor’s cloud platform. Some of these vulnerabilities included weaknesses in M2M (machine-to-machine) protocols and poor asset registration mechanisms. Attackers can exploit these vulnerabilities to gain root access through a reverse-shell, compromise devices in the production network with unauthorized access and control, or even exfiltrate sensitive information and conduct shutdown operations.

Assessing the Risks in IIoT Devices

As the deployment of Industrial Internet of Things (IIoT) devices becomes more widespread, awareness of potential threats from their cloud management platforms is crucial. According to Gavrilov, a single IIoT vendor platform being exploited can serve as a “pivot point” for attackers, giving them access to thousands of environments simultaneously. Of particular concern is that all three vendors’ platforms expose devices that have not been configured to use the cloud, bypassing security layers in the Purdue Enterprise Reference Architecture Model for different vendors.

OTORIO’s announcement sheds light on the significant security risks associated with industrial cellular router vendors, which could affect a large number of devices and operational networks. Companies must remain vigilant and continue prioritizing cybersecurity measures to protect their networks and ensure the safe adoption of IIoT devices.

Photo of Alex

Alex

Alex is a seasoned editor and writer with a deep passion for technology and startups. With a background in journalism, content creation, and business development, Alex brings a wealth of experience and a unique perspective to the ever-changing world of innovation. As the lead editor at Startup World, Alex is committed to discovering the hidden gems in the startup ecosystem and sharing these exciting stories with a growing community of enthusiasts, entrepreneurs, and investors. Always eager to learn and stay updated on the latest trends, Alex frequently attends industry events and engages with thought leaders to ensure Startup World remains at the forefront of startup news and insights. Alex's dedication and expertise help create an engaging platform that fosters knowledge-sharing, inspiration, and collaboration among tech-savvy readers worldwide.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button