How do mobile apps impact security in the Industrial IoT?

New research from IOActive looks at the rise in vulnerabilities of mobile apps which connect to SCADA systems – we catch up with Jason Larsen to learn more

In 2015, security firm IOActive analyzed 20 mobile applications that connected to industrial control systems (ICS). Last year, it reprised the research and discovered 147 issues in the 34 applications selected for analysis. This represents an average increase of 1.6 vulnerabilities per application.

What might this mean in the age of Industrial IoT? The full report “SCADA and Mobile Security in the Internet of Things Era” can be downloaded here. We spoke to Jason Larsen, director of advisory services at IOActive, to learn more.

Roughly what percentage of the SCADA app universe do the 34 randomly tested apps represent?

There were roughly 140 apps in Google Play and 200 in the Apple App Store. 

Did the level of increase in vulnerabilities between 2015 and 2017 surprise you?

Usually when a problem is pointed out, the code quality increases. My gut tells me that since this is a new environment, the failure is in processes and procedures. Since industrial control vendors haven’t historically used mobile environments, it’s likely that many of these applications were hired out to third-party developers who used the same rapid development strategies they use for everything else. I wouldn’t be surprised if most of these were pilot projects where the contracting language wasn’t in place to require security coding practices and security testing. One of the reasons we do this kind of research is to focus industry on the problem.
