EC-Council Authorized Partner Canada
Security researcher Reid Wightman of Digital Bond Labs found that at least 4 brands of variable-frequency drives, the controllers that run the motors of industrial fans and pumps, are easily hackable. These fans and pumps are found in water plants, mining operations, and heating and air conditioning systems. Unfortunately, the drives’ programming can be rewritten easily and requires exactly zero authentication before changing important settings such as the motor’s top speed.
And THAT, dear readers, is this hack’s biggest threat.
“They call it the ‘critical speed’,” says Wightman, “the speed at which the motor’s shaft begins to vibrate. (1)” Variable-frequency drives set the top speed under which a motor should safely operate, but this vulnerability allows attackers to push motors to speeds well beyond their rated limits, which can result in costly damage and breakdowns.
A clearly frustrated Wightman adds,
“I would ask why they need to make this setting writeable over a network protocol. Why would an operator ever need to change this setting? That’s not something you would be changing while the device is running. It’s something you might change when you swap out the motor but not when it’s operating. Somebody thought it was a good idea. (2)”
I have no idea who that “somebody” was, but I sincerely hope that the vendors can fix this problem soon. Wightman isn’t so optimistic, though, and didn’t even disclose his discoveries to the affected companies.
Why, you ask? Wightman says,
“What are they going to do about it? They designed it to work this way; they purposely went out of their way to make this critical speed readable and writeable with no authentication. They know what they’re doing. (3)”
While these companies may think they know what they’re doing, the rest of us look on in confusion, disappointment, and concern.
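The design flaw Wightman describes is a safety-critical commissioning parameter that any network peer can rewrite with no authentication. The following is an added example, not code from the post, from Digital Bond Labs, or from any drive vendor: a constructed model of a drive's parameter-write handler showing the behaviour the post describes next to a hardened version that authenticates the session, allows only an explicit list of parameters to be written remotely, locks commissioning parameters while the motor is running, and clamps speed setpoints to the rated maximum. The parameter names, the session/role scheme and the speed values are all hypothetical; the post does not name the protocol the real drives use.

```python
import hmac
import secrets

# Hypothetical parameter table. "remote" marks parameters an operator
# legitimately changes over the network during normal operation; everything
# else is a commissioning parameter, set at installation and changed only
# with the motor stopped and a maintenance session open.
PARAMS = {
    "speed_setpoint": {"remote": True},
    "critical_speed": {"remote": False},
    "rated_max_speed": {"remote": False},
}


class Drive:
    """Constructed stand-in for a variable-frequency drive (not a real device)."""

    def __init__(self, rated_max_speed=3000, critical_speed=3600):
        self.values = {
            "speed_setpoint": 0,
            "rated_max_speed": rated_max_speed,
            "critical_speed": critical_speed,
        }
        self.running = False
        self.audit = []          # one entry per write attempt, accepted or not
        self._sessions = {}      # hypothetical session table: token -> role

    def open_session(self, role):
        # Tokens would be issued after a credentialed login; only the check
        # on later writes is modelled here.
        token = secrets.token_hex(16)
        self._sessions[token] = role
        return token

    def _role_for(self, token):
        if not isinstance(token, str):
            return None
        for known, role in self._sessions.items():
            # constant-time comparison so token checks do not leak by timing
            if hmac.compare_digest(known.encode(), token.encode()):
                return role
        return None


def write_param_vulnerable(drive, name, value):
    """The behaviour the post describes: any peer on the network can rewrite
    any parameter, including the critical speed, with no authentication."""
    drive.values[name] = value
    drive.audit.append(("unauth-write", name, value, "accepted"))
    return True, "accepted"


def write_param_hardened(drive, name, value, token):
    """Hardened write path: authenticate, allow-list, interlock, clamp.
    Returns (accepted, reason) and logs every attempt to the audit trail."""

    def reject(reason):
        drive.audit.append(("write", name, value, reason))
        return False, reason

    if name not in PARAMS:
        return reject("unknown parameter")
    role = drive._role_for(token)
    if role is None:
        return reject("unauthenticated")
    if not PARAMS[name]["remote"]:
        if role != "maintenance":
            return reject("commissioning parameter requires maintenance role")
        if drive.running:
            return reject("commissioning parameter locked while motor running")
    if name == "speed_setpoint" and value > drive.values["rated_max_speed"]:
        value = drive.values["rated_max_speed"]   # clamp; never exceed rating
    if name == "rated_max_speed" and value >= drive.values["critical_speed"]:
        return reject("rated max must stay below critical speed")
    drive.values[name] = value
    drive.audit.append(("write", name, value, "accepted"))
    return True, "accepted"


if __name__ == "__main__":
    d = Drive()
    print(write_param_vulnerable(d, "critical_speed", 9999), d.values)
    d = Drive()
    print(write_param_hardened(d, "critical_speed", 9999, "bogus"))
    m = d.open_session("maintenance")
    d.running = True
    print(write_param_hardened(d, "critical_speed", 4000, m))
    d.running = False
    print(write_param_hardened(d, "critical_speed", 4000, m), d.values)
```

The audit list is the detection hook: a rejected write to `critical_speed` from an unauthenticated or operator-role session is exactly the event a plant's monitoring should alert on, and the run-state interlock reflects Wightman's point that the critical speed is something you change when swapping the motor, not while it is running.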
If you have any questions or comments, you can reach me by email at czs@ethicalhacking.ca.
Image from https://goo.gl/HN2qGU
1. http://goo.gl/rny0lZ
2. ibid.
3. ibid.