Security vulnerabilities found in industrial IoT

August 12, 2023

FH St. Pölten students found security vulnerabilities in industrial IoT hardwar

Students of the master’s programme Information Security at the University of Applied Sciences St. Pölten have uncovered security vulnerabilities in industrial IoT (Internet of Things) devices in the course of a course together with the company CyberDanube. The manufacturing companies were informed and have fixed the gaps.

In order to make teaching more practical, students on the IT security degree programmes at St. Pölten UAS regularly search for vulnerabilities in IT components. Last summer semester it was the turn of firmware of networked industrial devices in the Industrial Internet of Things (IIoT).

“The aim of the exercise was to find already known vulnerabilities and to document them accordingly. In addition to the already known vulnerabilities, the students also found new, not yet known, so-called zero-day vulnerabilities in the devices. This is a great experience for students and a remarkable success,” says programme director Christoph Lang-Muhr.

Real devices and digital twins

The analysed devices belong to the category of industrial communication solutions and are used to enable reliable and secure data transmission in industrial environments. Since the students did not have any physical devices available, they worked on so-called “digital twins”, i.e. virtual replications of the networked devices. The devices are from industry-known suppliers. “Phoenix Contact and Advantech are both leading companies in the field of Industrial Internet of Things, or IIoT.

The course was presented and coordinated by the IT security company CyberDanube, which also provided the MEDUSA solution, i.e. the technology & infrastructure for the digital twins. CyberDanube is one of two CNAs (CVE Numbering Authority) in Austria and thus authorised to assign globally recognised vulnerability numbers, so-called CVEs.

“It was a very exciting experience for us to work with particularly motivated students in this field of cyber security. We can also further incorporate relevant findings and experience gained through this into our platform,” says one of the founders of CyberDanube, Mario-Valentin Trompeter.

“These successfully found vulnerabilities show the relevance of research in this area and the practical work and training of students at St. Pölten UAS,” says Lang-Muhr.

Related Articles

Federal Council approves amendment to Telecommunications Act

The Federal Council today approved the amendment to the Telecommunications Act. This enshrines the overriding public interest in network expansion in law. This will significantly speed up the approval process, especially for the construction of mobile phone masts. "A...

Herrmann presents new mobile video towers for the Munich police

Flexible video surveillance for greater security on the ground: Interior Minister Joachim Herrmann presents new mobile video towers for the Munich police – Even more protection in Germany's safest city – 3.8 million euros for further expansion of police video...

Share This