14 DAY TRIAL // After baby monitors, security alarms, electric skateboards, smart cars, medical equipment, fridges, and kettles (just to name a few), it is now time for gas detectors to be vulnerable to remote hacking.
According to a recent ICS-CERT advisory, the Midas and Midas Black gas detectors sold by US hardware firm Honeywell are vulnerable to remote cyber-attacks, which can allow attackers to modify its settings without proper authentication.
Vulnerable versions include the Honeywell Midas version 1.13b1 and prior, and Honeywell Midas Black version 2.13b1 and prior, for which the manufacturer has already released fixes to address the reported issues.
Two highly critical vulnerabilities affect older Honeywell gas detectors
The vulnerabilities are a path traversal issue (CVE-2015-7907) and a cleartext transmission of sensitive information (CVE-2015-7908). Both are considered critical vulnerabilities with CVSS severity scores of 8.6 and 9.4, out of a maximum of 10. Both are remotely exploitable.
For the first issue, successful exploitation allows attackers to bypass the authentication process and make critical changes to the gas detector's settings.
The second issue involves the improper encryption of authentication details. This occurs when admins log in on the device using its remote access capabilities. An attacker in range of the device could intercept credentials and also gain access to the gas detector.
An IoT device that can easily kill
Unauthorized changes to the gas detector's settings could lead to erroneous gas level reports, that could lead to the damage of critical equipment and even the loss of human life.
Besides issuing firmware fixes, Honeywell recommends that companies place the gas detector in DMZ zones, use firewall protections, or instruct employees to access the device only via VPNs.
Additionally, the device should not be connected to a network unless this feature is really needed, and only authorized personnel should be allowed to interact with it.
Responsible for discovering these issues is independent researcher Maxim Rupp.