Trend Micro Research Reveals Dangerous Design Flaws and Vulnerabilities in Legacy Programming Languages


Cybersecurity leader and Politecnico di Milano jointly release essential guidelines for secure OT development

 

HONG KONG, CHINA – Media OutReach – August 5, 2020 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), the
global leader in cloud security, today announced new research highlighting design
flaws in legacy languages and released new secure coding guidelines to help
Industry 4.0 developers greatly reduce the software attack surface and, with it,
business disruption in operational technology (OT) environments.

Conducted jointly with Politecnico di Milano, the research details how design
flaws in legacy programming languages could lead to vulnerable automation programs.
These insecurities could enable attackers to hijack industrial robots and
automation machines to disrupt production lines or steal intellectual property.
According to the research, the industrial automation world may be unprepared to
detect and prevent the exploitation of the issues found. Therefore, it is
imperative that the industry start embracing and establishing network-security
best practices and secure-coding practices, which have been updated with
industry leaders as a result of this research.

“Once OT systems are network-connected, applying patches and updates is nearly
impossible, which makes secure development upfront absolutely critical,” said
Bill Malik, vice president of infrastructure strategies for Trend Micro.
“Today, the software backbone of industrial automation depends on legacy
technologies that too often contain latent vulnerabilities, like Urgent/11 and
Ripple20, or varieties of Y2K-like architectural defects. We don’t want to
simply point out these challenges, but once again take the lead in securing
Industry 4.0 by offering concrete guidance for design, coding, verification,
and on-going maintenance, along with tools to scan and block malicious and
vulnerable code.”

Legacy proprietary programming languages such as RAPID, KRL, AS, PDL2, and PacScript
were designed without an active attacker model in mind. Developed decades ago,
they are now essential to critical automation tasks on the factory floor, but
can’t themselves be fixed easily.

Not only are vulnerabilities a concern in the automation programs written using
these proprietary languages, but the researchers also demonstrate how a new kind of
self-propagating malware could be created, using one of the legacy programming
languages as an example.

Trend Micro Research has worked closely with The Robotic Operating System Industrial
Consortium to establish recommendations to reduce the exploitability of the
identified issues[1].

“Most industrial robots are designed for isolated production networks and use legacy
programming languages,” said Christoph Hellmann Santos, Program Manager,
ROS-Industrial Consortium Europe. “They can be vulnerable to attacks if
connected to, for example, an organisation’s IT-network. Therefore,
ROS-Industrial and Trend Micro have collaborated to develop guidelines for
correct and secure network set-up for controlling industrial robots using ROS.”

As these new guidelines demonstrate, the task programs that rely on these
languages and govern the automatic movements of industrial robots can be
written in a more secure manner to mitigate Industry 4.0 risk. The essential
checklist for writing secure task programs includes the following:

  • Treat industrial machines as computers and task programs as
    powerful code
  • Authenticate every communication
  • Implement access control policies
  • Always perform input validation
  • Always perform output sanitization
  • Implement proper error handling without exposing details
  • Put proper configuration and deployment procedures in place

In addition, Trend Micro Research and Politecnico di Milano have also developed a
patent-pending tool to detect vulnerable or malicious code in task programs,
thus preventing damage at runtime.

As a result of this research, security-sensitive features were identified in the
eight most popular industrial robotic programming platforms, and a total of 40
instances of vulnerable open source code have been found. One vendor has
removed the automation program affected by a vulnerability from its application
store for industrial software, and two more have been acknowledged by the
maintainer, leading to fruitful discussion. Details of the vulnerability
disclosures have also been shared by ICS-CERT in an alert to their community[2].

The results of this research will be presented at Black Hat USA on August 5,
and at the ACM AsiaCCS conference in October in Taipei.

To find out more, read the complete research report here: https://www.trendmicro.com/vinfo/hk/security/news/internet-of-things/unveiling-the-hidden-risks-of-industrial-automation-programming.

About Trend Micro

Trend Micro Incorporated, a global leader in cybersecurity
solutions, helps to make the world safe for exchanging digital information. Our
innovative solutions for consumers, businesses, and governments provide layered
security for data centers, cloud environments, networks, and endpoints. All our
products work together to seamlessly share threat intelligence and provide a
connected threat defense with centralized visibility and control, enabling
better, faster protection. With more than 6,000 employees in over 50 countries
and the world’s most advanced global threat intelligence, Trend Micro secures
your connected world. For more information, visit www.trendmicro.com.hk.
