Security of your smartphone affecting your Industrial control system?
I have become dependent on my smart phone. I suspect you have too? Have you considered the possible attack vectors we open up while leveraging all these great features on these important little devices.
I know with my Blackberry, I download music, movies, files, email, pictures, apps, etc. It connects to Cellular wireless networks along with Wi-Fi and Bluetooth. If not configured correctly it could associate with rogue Cellular base stations that “bad actors” prop up to either steal your information or send malware to your phone. You can also become a carrier of malware from downloading apps, files, music and pictures of Cellular or Wifi networks. How about access via Bluetooth?
So, how does this affect other systems? While not overlooking the risk of losing your own data on the phone, having accounts hijacked etc, you also risk every system that you connect your phone to. While I travel, I was using my laptop as my charger. Using the supplied USB cable I connect my phone to my laptop and let it “Charge” but ignoring the fact that I’m connecting a USB drive to my system that could possibly infect it. I suspect this could be an overlooked practice on any system with the USB connector exposed. Not only do we need to manage our thumb drives we have to consider everything we connect to these systems even when in the past we consider them benign.
Some things to consider for your smartphone:
1. Configure your phone to only join trusted networks
2. Beware of Apps and any file downloads.
3. Keep your phones OS up to date
4. Set a screen lock and password ….and use it.
5. Don’t hack your phone…ie Jail Break it.
6. Consider some of the phone locator apps to locate your lost phone.
Does it sound like a stretch? Maybe it is…but I would hope this might make you consider these little overlooked attack vectors.
nice opinion.. thanks for sharing...
ReplyDelete