Engineering news
Hackers could strike as soon as tools exploiting major and widespread issues are commercialised, warned expert Ross Brewer, vice president at security company LogRhythm.
Manufacturers and engineering companies are at risk – along with users of nearly all computers and phones worldwide – after researchers revealed two security flaws known as Meltdown and Spectre. The issues are built into Intel chips, present in millions of devices, as well as some processors from ARM and AMD.
“This is the big one,” Brewer told Professional Engineering.
Hackers could potentially exploit the flaws, using malware to steal important data from companies.
“Information that we always felt was secret and non-accessible is now potentially going to be accessible,” said Brewer. “So I think the foremost concern is the security implications of secret information – user credentials, passwords – being gleaned.”
In a manufacturing context, this information could be used to devastating effect on machinery control systems.
“if you can log on as a user… you could potentially get administrator type activity on those systems and then use them for nefarious activity, whether that be disrupting the process or shutting down the process, or overriding safety controls,” said Brewer.
This could include hackers bypassing temperature, speed or pressure limits on automated devices, leading to “catastrophic” failures triggered remotely over the cloud.
Manufacturing expert Don Rogers from World Wide Technology previously told PE that overrides could lead to worker injuries and deaths, while a report from security company Trend Micro and the Polytechnic University of Milan warned hackers could deliberately cause hidden defects in products and put the public at risk.
Companies tackling the flaws by running security checks and installing patches also reportedly face an impact on computer performance, with potential drops in speed of between 1-50%. This could lead to negligent manufacturers deciding against using patches to maintain short-term production, warned Brewer.
Yesterday, a spokesperson for the National Cyber Security Centre said there was no evidence of malicious exploitation, adding: “The NCSC advises that all organisations and home users continue to protect their systems from threats by installing patches as soon as they become available.”
However, Brewer said, companies must take further steps. “All manufacturing business who have adapted the smart manufacturing approach need to have preventative measures in place,” added Joshua Dugdale, technical manager for the Manufacturing Technologies Association.
Manufacturers must monitor user behaviour for new patterns and deviations from normal use, said Brewer. Artificial intelligence and deep learning can help monitor for illicit activity.
In an online statement, Intel advised users to install security updates as soon as they are available and encouraged the use of good security practices.
Content published by Professional Engineering does not necessarily represent the views of the Institution of Mechanical Engineers.