Penetration tests make products secure
The buzzword Industry 4.0 describes production facilities becoming increasingly digital and smart. As a consequence, networked production confronts companies with the issue of IT security. The effects of a hacker attack are particularly noticeable in the production process. To ensure product security, penetration tests against such systems or their components are becoming increasingly popular.
A penetration test is a simulated hacker attack. The penetration tester uses the same techniques that a criminal hacker would use. Different experts are involved depending on the test object. If industrial devices with cloud connections are examined, experts for embedded systems, web applications and cloud infrastructure collaborate.
After planning, in the preparation phase, the client creates the necessary framework conditions. If, for example, individual components of a production line are to be tested, the penetration tester needs these components in multiple versions.
While the pentest is being conducted, a contact person should always be available for questions. A device may stop working correctly after an attack, and close contact between pentester and client then helps to fix errors quickly.
Pentesting is for hardware, too
When testing the hardware of an industrial device, the accessible interfaces, such as network connections or proprietary plugs, are checked first. The housing is often opened as well to examine its contents, as the security of the memory devices is often neglected during development. If a cybercriminal can procure identically constructed operating system memory, they can draw conclusions about the encryption, extract and manipulate the operating system memory of the device, and thus compromise the entire device.
Embedded tests also focus on what are known as debug interfaces. These are required during hardware development and allow direct access to the system. Occasionally, these interfaces are not removed or disabled in final production. If there is a back-end component for the device, it is recommended to test it, too.
Just as a hacker would do, a penetration tester is interested here, among other things, in the authentication and authorisation concepts as well as in the possibilities of escalating their privileges and reading out external customer data.
At the end of every pentest, there is a report with detailed explanations of the vulnerabilities found. So that they can be fixed, they should be described in such a way that the customer can reproduce them independently. Of course, the company carrying out the test should be available for questions about weak points or their elimination.
Moritz Lottermann has been conducting penetration tests at SySS GmbH for 2.5 years. As a member of the hardware focus team, he analyses products from the Internet of Things (IoT) environment.