Is wireless Bluetooth technology used anywhere in your manufacturing plant? If so, you could be exposing your controls network to hackers, terrorists or others with malicious intent. That warning comes from Clint Bodungen, who sees “Bluetooth hacking” as a potential “new frontier” for industrial cyber bad guys.
Bodungen is a Houston-based industrial cyber security consultant and the U.S. president of the Critical Infrastructure Institute, which provides security training and education. He identified Bluetooth as “a new attack vector for hackers” during a presentation at the annual meeting of the Process Control Systems Forum (PCSF) March 6-8 in Atlanta. And during a recent interview with Automation World, Bodungen expanded upon those comments.
Bluetooth, a short-range radio specification, provides a convenient means of wireless, device-to-device communication for a growing variety of consumer gizmos, ranging from cell phones, earsets and headsets to personal digital assistants (PDAs), home medical devices and game controllers. Bluetooth is also used to provide wireless links between personal computers (PCs) and keyboards, printers and other peripherals. Some manufacturing plants today are already using Bluetooth-enabled printers and keyboards, says Bodungen, and Bluetooth is increasingly being considered for a variety of industrial uses, including machine-to-machine communication, data acquisition and automated meter reading. Expansion of these latter kinds of uses poses the biggest potential threat for manufacturers, he says.
By design, Bluetooth has a limited effective range—typically up to about 10 meters, or 32 feet—a feature that some might believe would cancel out most cyber threats, since hackers would need to be physically close to wirelessly tap into a Bluetooth device. But Bodungen points out that with a strong transceiver, Bluetooth range can be extended to around 300 feet. And in many cases, Bluetooth signals can be picked up around the perimeter of buildings where the technology is used, says Bodungen.
Among other things, Bodungen participates in so-called “red team” penetration testing, in which he and others are hired by industrial companies to pose as cyber bad guys to test the effectiveness of a company’s cyber defenses. “On one of our recent jobs, we were doing a nighttime surveillance, and we were sitting in the woods about 20 to 30 yards away from a building doing a scan, and we were picking up Bluetooth peripherals,” he reveals. Many manufacturers don’t realize how easy it is for outsiders to get physically close to, or even inside, their facilities, Bodungen observes.
Exacerbating the problem is that “Bluetooth was not designed with security in mind,” Bodungen adds. The result is Bluetooth vulnerabilities that can easily be exploited by cyber miscreants, he says. And once hackers gain access to a Bluetooth-enabled device that has links to a controls system network, they can use that access to download information from servers or controllers, or to launch denial of service attacks, Bodungen says.
Just say no
The degree to which Bluetooth hacking becomes a widespread threat to critical infrastructure control systems may depend upon how common the technology becomes within automation and control systems environments, Bodungen observes. But the threat is definitely there, he says.
What’s the antidote? While there are Bluetooth security measures that can be taken, the technology remains too insecure for use in critical applications, Bodungen believes. “In a process control environment or an industrial network environment, you shouldn’t use Bluetooth for anything,” Bodungen declares. “Use wires instead.
“What’s more important?” he asks. “The inconvenience of having wires running to devices, or leaving a vulnerability into a critical system?”