Honeywell’s industrial Android devices open to serious remote attack

Android-powered mobile devices from commercial and aerospace tech vendor Honeywell have a serious flaw that remote attackers could exploit to gain a foothold in critical infrastructure providers. 

The US DHS’s Industrial Control Cyber Emergency Response Team (ICS-CERT) put out an alert on Thursday warning Honeywell customers about a dozen of its handheld Android models that could give a remote attacker access to sensitive information, including passwords. 

The privilege management vulnerability can be exploited if an attacker is able to install a malicious app on the affected Android device.

“A skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges,” ICS-CERT warned.

An attacker who exploited this vulnerability could gain access to keystrokes, passwords, personally identifiable information, photos, emails, or business-critical documents, according to ICS-CERT.

Many of the devices are ruggedized mobile computers used for logistics, warehouses, and in remote field operations. 

ICS-CERT notes that affected organizations could be from sectors including commercial facilities, critical manufacturing, energy, healthcare and public health.    

Affected devices include Honeywell’s CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and its ScanPal EDA series devices. The devices run versions of Android from 4.4 KitKat to Oreo 8.1.

Google’s Android team coordinated with Honeywell to report the issue to DHS’s National Cybersecurity & Communications Integration Center (NCCIC). 

ICS-CERT notes that there are no known exploits for this bug and that an attacker would need a high skill level to exploit it.  

Honeywell has released updates for each of the affected versions of Android and recommends its customers only permit a whitelist of trusted apps to be installed on its devices. 

NCCIC further recommends that control system devices not be accessible from the internet, and that they be positioned behind a firewall and isolated from the business network.


Stories by Liam Tung
