Thursday, September 13, 2018

ICS-CERT Publishes Honeywell Advisory

Today the DHS ICS-CERT published a control system security advisory for mobile computers from Honeywell. The advisory describes an improper privilege management vulnerability. The vulnerability was reported by the Google Android Team. Honeywell has updates available to mitigate the vulnerability.

ICS-CERT reports that a skilled attacker could remotely exploit the vulnerability to allow a malicious third-party application to gain elevated privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.

It is too early to tell if this vulnerability affects all Android devices (probably?) so other mobile ICS devices might also be affected. Of course (sarcasm alert), no one would use non-approved applications on a device used to access a control system, so this really is not a problem (SIGH).

No comments:

/* Use this with templates/template-twocol.html */