
Spitzer and Boyes, LLC

Technical Services And Strategic Consulting For Technology Companies


Why the HART vulnerability is scary #pauto #HART #automation #cyber

January 20, 2014 by Walt Boyes

Last week I reported that a serious vulnerability in the HART protocol was demonstrated at the S4 conference. It seems that this has not yet penetrated the consciousness of the process control world.
This vulnerability, like the Target hack and like Stuxnet, is a Control System Level 0 vulnerability. That is, it uses a field device or controller as its vector. As such, it is nearly impossible to see happening or to trap for. You are infecting the data stream from a simple field device, not trying to raid an application directly. What the HART hack gets you is access to the control system, to the asset management system, and from there to the plant operations system and the ERP system. Essentially, if it works as well as Alexander Bolshev (@dar_k3y) says, and there is no reason from the evidence he presented to disbelieve him, this is a golden key to the plant and the enterprise.
No one has yet used the HART hack. Wait, how would we know? Nobody has caught anybody using the HART hack Bolshev described. If somebody in Russia, or in China, or wherever has been doing this, they could have been doing it for years with nobody the wiser.
Somebody needs to come up with some trapping routines for this pretty quickly.

Filed Under: Walt Boyes' Blog
