Today the DHS ICS-CERT published a control system security
advisory for mobile computers from Honeywell. The advisory
describes an improper privilege management vulnerability. The vulnerability was
reported by the Google Android Team. Honeywell has updates available to
mitigate the vulnerability.
ICS-CERT reports that a skilled attacker could remotely
exploit the vulnerability to allow a malicious third-party application to gain
elevated privileges. This could enable the attacker to obtain access to
keystrokes, passwords, personal identifiable information, photos, emails, or
business-critical documents.
It is too early to tell if this vulnerability affects all Android
devices (probably?) so other mobile ICS devices might also be affected. Of course
(sarcasm alert), no one would use non-approved applications on a device used to
access a control system, so this really is not a problem (SIGH).
Posts
No comments:
Post a Comment