Weaknesses in Specialized Systems
- ICS(Industrial Control Systems)
- Environment conditions
- SCADA(Supervisory Control and Data Acquisition) -
- SCADA is the control system that interfaces with industrial processes
- SCADA is often a turnkey layered software
- PLC(Programmable Logic Controllers) - PLCs are the electronic boards(s) that power the manufacturer's processes
- Mobile - lack of updates, compromised settings, dangerous apps, etc.
- Rooting/Jailbreak a device makes it open to security breaches
- Beware of mining activities
- IoT(Internet of Things) - default (weak) security (wide open)
- Embedded
- Point-of-sale system
- Attractive due to connection to payment devices(cash, readers, etc.)
- Biometrics -accuracy is still evolving
- What if primary reader fails to detect?
- What is the manual process? Pressure and urgency is always an aspect of social engineering.
- Application constrainers
- Containers and VMs are not foolproof sandboxes
- Compromising(breaking out) may allow access to external resources
- RTOS(Real-time operating system)
- Designed to provide fast, lightweight services, not security.
QUICK REVIEW
-
ICS and SCADA systems often lack current security patches
-
Mobile and IoT devices are often configured for convenience over security
-
Any device that handles payments is an attractive target